Compliance

Preparing for PCI DSS 3.2 in 2016

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. This update, which will likely take the place of the previously anticipated Q4 2016 update, will include changes that aim to take into account “market feedback” while also observing “trending attacks causing compromises.” Specific changes noted […]


Strengthening the Cloud: ISO 27017 and ISO 27018

As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore security options in order to protect their information systems. There are multiple security standards for cloud services providers and users to utilize in order to secure the cloud-based environment and minimize potential risk […]


An Overview of the HITRUST CSF and Related Frameworks

The HITRUST CSF is a comprehensive, certifiable security framework that pulls from HIPAA/HITECH, ISO 27001, NIST SP 800-53, COBIT, and PCI DSS, combining them to create a powerful framework. The HITRUST CSF provides an integrated, prescriptive framework that works with the needs of the healthcare industry in order to comply with the necessary standards. This […]


HITRUST Assessment Types & HITRUST Integration with SOC 2

Don’t make the climb to compliance more difficult than it has to be. With a comprehensive framework for organizations of any size, system or regulatory requirement, the HITRUST CSF allows organizations to easily assess their current compliance while providing implementation requirements based on an organization’s risk factors.

Types of HITRUST Assessments

HITRUST has two […]


Understanding the HITRUST Specification and Scoring

HITRUST’s Risk Management Framework

In order for an organization to better assess potential risks and create safeguards for adequate protection of potentially sensitive information, HITRUST has created a comprehensive risk management framework that supports a basic 4-step process:

1. Identify risks and define the protection requirements
2. Specify controls
3. Implement and manage controls
4. Assess and report

A-LIGN’s […]


The Challenges Facing Healthcare & How HITRUST Can Help

The healthcare industry currently faces strict regulatory needs, causing many challenges when considering the options for risk management and mitigation. These challenges include but are not limited to:

- Inconsistent implementation of acceptable minimum controls.
- Inefficiencies associated with varying interpretation of control objectives and safeguards.
- Increasing scrutiny from regulators, auditors, underwriters, customers and business partners.
- Growing […]


The Do’s and Don’ts of Bridge Letters (SSAE 16 Reporting)

You finally received your SOC 1/SSAE 16 report, only to realize that your coverage does not cover the entire year. So what happens in the remaining months of the year beyond the coverage of the report? Is it necessary that you receive another report to cover the remainder of the year? Does your previous report […]


CFPB, the Automotive Industry, Technological Services and Beyond

Who needs to be prepared for the CFPB exam and who does it affect? The Consumer Financial Protection Bureau (CFPB) Exam is an extensive audit to supervise consumer finance markets including:

- Banks
- Credit unions
- Financial agencies
- Debt collection agencies

However, financial institutions are not the only ones that need to be prepared in the event […]


Provide Peace of Mind to Lenders and Consumers with the A-LIGN Difference

The A-LIGN Difference = Peace of Mind + Trusted Advisor + Competitive Advantage

Most lenders/stakeholders now ask title insurance and settlement companies to demonstrate compliance with ALTA’s Best Practices. There exists a lot of uncertainty and confusion in the industry as to how a title insurance and settlement company can demonstrate compliance with ALTA’s Best […]


Nuances of the American Land Title Association (ALTA) Best Practices Assessments

How do I get ALTA certified? Which audit should I do? What is the difference between an SSAE 16, SOC 1, SOC 2 and AT 101? What is the difference between an examination, a review and an agreed-upon procedures engagement? Will my lender accept the report I provide to them? These are just some of the few […]
