Cyber Risk and Privacy

CPRA vs. CCPA: What’s the Difference? 6 Key Changes to Understand

Less than one year after the CCPA took effect, California passed another consumer privacy law: the CPRA. Here are six changes to help you understand CPRA vs. CCPA. 

The A-LIGN Advantage: Unify Your Audit Experience across Multiple Standards with a Single-Provider Approach

The emergence of automated security and compliance solutions still leaves organizations with a problem: these point solutions are unable to provide independent third-party certification.

Three Best Practices to Prevent a Supply Chain Attack at Your Organization

The SolarWinds supply chain attack rocked governments and businesses alike in late 2020. Help keep your organization safe with these three key steps.

Go Beyond the Privacy Policy

Each year, Data Privacy Day is an opportunity for organizations of all sizes to think about their privacy posture.

AWS Audit Manager: Accelerating the Audit Lifecycle

Earlier this month, Amazon Web Services (AWS) announced a new offering: AWS Audit Manager. This product was built to simplify the risk and compliance process for AWS customers – which is a big deal these days as cybersecurity audits take up more and more time from CISOs and IT Security teams.

4 Miscellaneous HITRUST Regulatory Factors to Consider

Over the last few blogs, we have provided a comprehensive overview of the HITRUST landscape, from the authoritative sources at its core, to the optional regulations, or regulatory factors, that are commonly added on to a HITRUST assessment for industry-specific purposes.  

How European Companies Can Accelerate International Expansion with SOC 2 Compliance

The United States represents an attractive market for many European companies, but international expansion can be fraught with risk because of a completely different regulatory landscape. 

Privacy Shield and the GDPR: Inadequate Protection for Cross-border Data Transfers

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a landmark judgement that Privacy Shield is “invalid” because it does not provide “adequate protection” under Article 45 of the General Data Protection Regulation (GDPR) for transfers of personal data of individuals located in the European Union to the United States.

ISO 27701 Streamlines Data Privacy, Incorporates GDPR and CCPA concepts into Certifiable Standard

Let A-LIGN guide your journey from Information Security Management System (ISMS) to Privacy Information Management System (PIMS)

Myth-Busting Strategic Compliance: Fact and Fiction

The most profound change that IT leaders need to make in their approach to strategic compliance is to their own mind. There are many self-imposed limiting beliefs that must be overcome.
