Compliance

A-LIGN’s ALTA Best Practices: Engagement Options Guide

American Land Title Association (ALTA) Best Practices: Engagement Options. Most people in the industry are confused about what to do when it comes to ALTA Best Practices assessments, and are even more confused when they read so many articles in the press or hear different opinions from industry experts. As a visual learner, I […]

A Breach in the Hull: HIPAA Breach Notification Requirements

If health information is compromised, do you know your organization’s responsibilities related to breach notification of electronic protected health information (ePHI)? The responsibilities of your organization for breach notification depend on a few items, including: whether you are a covered entity or a business associate; the timing of when the breach occurred and when the […]

It’s Time For An Upgrade: Switching from ISO 27001:2005 to 2013

As a reminder, a new version of ISO 27001 has been issued, and the deadline for updating your company’s ISO 27001 program from 2005 to 2013 is quickly approaching. There are some significant changes to ISO 27001 in the newest 2013 edition. Utilizing the guidelines in ISO 27001:2013 will improve the standardization and operations of […]

How SOC Audits Can Help Save on Errors & Omissions Insurance

As many companies look to reduce costs, one cost that continues to rise as the company grows is Errors and Omissions (E/O) insurance premiums. Both company liability and the personal liability of the board of directors and owners are topics that continue to be a focus of litigation. One of the ways a company can […]

The New Standard: PCI DSS 3.1

On April 15, 2015, the PCI Security Standards Council published PCI DSS Version 3.1. Within the update, 3 types of changes were noted. They included: Clarifications: clarifies the intent of the requirements. Additional Guidance: explanations with the purpose of providing further information on the requirements. Evolving Requirement: changes to the requirements […]

Nine Payroll Pain Points

Dr. Daniel Selby, PhD, CPA, CISA has written a whitepaper for A-LIGN entitled “Nine Critical Payroll Pain Points and What Payroll Professionals Should Do About Them?” An excerpt from Dr. Selby’s summary on LinkedIn:

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

SOC Vendor Due Diligence for Title Agencies

The American Land Title Association (ALTA) Best Practices Framework has been developed to assist lenders in satisfying their responsibility to manage third-party vendors. ALTA members advocate a safe and efficient transfer of real estate and have high standards when searching land title records and preparing insurance documents. To provide the best possible chance of […]

FedRAMP Releases Updated Logo & FedRAMP Forward

FedRAMP℠ has released its newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.” FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

Countdown to PCI DSS 3.0: Lessons Learned from Early Adopters

As most of us know, the PCI DSS assessment effectively moved from version 2.0 to 3.0 at the beginning of 2014.  The new 3.0 version raises security standards to help organizations focus more on the actual payment security aspect rather than the compliance itself.  Having performed many PCI DSS 3.0 assessments this year, we want […]
