Compliance

Get Ready: Changes to ALTA’s Best Practices and Assessment Procedures

Overview of ALTA Best Practices Changes In June 2016, the ALTA Board approved the modifications to the ALTA Best Practices and assessment procedures, and also created the Best Practices Maturity Model to help Title Companies measure compliance with the Best Practices. Below is a brief summary of the changes that were made to the Best […]

Read More

Ask A-LIGN’s Experienced Assessors: HITRUST

Because of the unique challenges facing the healthcare industry, companies are considering their options to mitigate and manage their risk. HITRUST offers a framework that allows for consistent implementation of the HIPAA requirements, but generates many questions that need to be answered. Below are a few frequently asked questions that A-LIGN Partner, Gene Geiger, answers […]

Read More

Revision in MasterCard’s Cardholder Obligations: Does It Affect You?

MasterCard has revised its Standards to allow for collection agents to accept signature debit cards in the US. This revision is effective immediately and will be reflected in upcoming versions of MasterCard Rules. This change does not affect MasterCard’s credit transaction rules, and those transactions will remain prohibited as satisfactory payment for uncollectable obligations. The […]

Read More

Introducing APEX: A-LIGN’s ALTA Best Practices Examination

A-LIGN, a nationwide security and compliance solutions firms, has recently renamed its existing ALTA Best Practices Examination to APEX Best Practices. As an American Land Title Association (ALTA) Elite Provider, A-LIGN is dedicated to being an ally to those in the real estate, title, and loan processing industries. “As a firm, A-LIGN is trying to […]

Read More

What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as is possible, as version 3.1 will expire on October 31, 2016 with all new requirements being implemented February 1, 2018 […]

Read More

PCI DSS Scoping for Colocation Providers: To Include or Not to Include?

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. A-LIGN is heavily involved in the colocation industry, performing PCI DSS assessments as well as additional compliance audits to colocation providers throughout the US, as well as internationally. When approached by clients about adhering to PCI […]

Read More

Phase 2 of the HIPAA Audit Program Launches

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced Phase 2 of the HIPAA Audit Program. Every covered entity and business associate will be eligible to be audited. Organizations will be identified by OCR […]

Read More

FedRAMP Accelerated

Author: Cheryl Zobel, Managing Consultant at A-LIGN. FedRAMP, or the Federal Risk and Authorization Management Program, is a government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The FedRAMP Program Management Office (PMO) has retooled the program, specifically to improve the processes in place and […]

Read More

ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations but the work should not stop after receiving the sought after certification. We want to ensure that your organization does not fall victim to these common pitfalls so that […]

Read More

HITRUST Assessment Scoping Guidelines

We are asked routinely “which controls will A-LIGN test as part of the HITRUST assessment?”.  The answer to that question depends on the environment and the outcome of the scoping process.  Scoping occurs in the initial phases of your HITRUST assessment process in order to determine which controls will be included in your assessment. When […]

Read More