Compliance

Hacking The Holidays: Protect Your Credit Card Information

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas.  While the holidays generally encompass a time of joy and giving, they can also bring their share of troubles.  It is during these times that people most often let their guard down.  In the search for the best deal, […]

Vendor Due Diligence & Contract Review: Getting Your Regulatory & Compliance Requirements in Order for the New Year

Most people make their New Year’s resolutions on New Year’s or just after it.  But when it comes to regulatory and compliance requirements, all companies should be looking to make their resolutions in the fall.  Take a cue from retail.  As we walk through a mall, it’s not even Thanksgiving but the holiday decorations are […]

It’s Time For An Upgrade: Transitioning Your Current ISMS From ISO 27001:2005 To ISO 27001:2013

A new version of ISO 27001 has been issued, and if it’s your job to upgrade your company’s ISO 27001 program from the 2005 edition to the 2013 edition, we’re here to help.   The standard was revised for a number of reasons, including addressing new technology, complying with the ISO/IEC directive, and making compliance simpler for organizations that […]

Risk. Regulatory. Revenue: The A-LIGN R3 Framework

You’ve seen the news reports:  56 million debit and credit cards used at Home Depot are at risk from a security breach that happened last month.  An estimated 40 million debit and credit card records were stolen from Target last year.  If security breaches can happen to these multi-billion dollar companies, it can happen […]

Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance

By: Vincent Booker, Senior Consultant at A-LIGN. Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance: What You Should Be Asking Based on the New Requirements and Guidance. Third-Party Security Assurance: As companies expand their reliance on third-party service providers (“TPSPs”) to store, process, or transmit cardholder data (“CHD”) or manage components […]

Does Your SOC Report Address Subservice Organizations Using the Carve Out or Inclusive Method?

By: Peter Clarke, Managing Consultant at A-LIGN. A subservice organization is an entity used by the service organization to perform some of the services provided to its customers (user entities).  A common example of a subservice organization would be a company that offers its data center to a cloud provider […]

How to Differentiate Your Title Agency for Success in a Dynamic Market

By: Blaise Wabo, Senior Consultant at A-LIGN. In 2012 the Consumer Financial Protection Bureau (CFPB) released a bulletin on service provider oversight, in which it expects supervised banks and nonbanks (lenders) to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to […]

School’s Back in Session – How to Stay Updated on Regulations

By: Sue Wells, Senior Consultant at A-LIGN. One of the most important things that clients of compliance professionals count on is that their third-party “expert” will stay current on relevant regulations. I’d like to share some of the ways compliance professionals keep current with regulations, which will also work for busy industry and technology professionals. […]

Understanding the Impact of Testing Exceptions in Type 2 SOC 1 and SOC 2 Reports

By: Ivan Reyes, Senior Consultant at A-LIGN. Statement on Standards for Attestation Engagements No. 16 (“SSAE 16”) is an attestation standard under which a service organization’s auditor issues an opinion on the service organization’s internal controls over financial reporting (ICFR). This is delivered in the form of a Service Organization Controls 1 (“SOC 1”) report. The report represents […]

How to Gain Efficiencies When Adding PCI DSS to Your SSAE 16 or SOC 2 Report

By: Lori Crooks, Managing Consultant at A-LIGN. If you process, store or transmit credit card data and already have an SSAE 16 or SOC 2 report, you might be considering adding a PCI DSS assessment – and it isn’t as painful as you may think! There are controls, such as physical security and logical access, […]
