SOC 1 Auditing and Reporting Services

SOC 1 reporting provides assurance regarding the controls at a service organization that are relevant to user entities’ internal control over financial reporting. It is governed by the Statement on Standards for Attestation Engagements No. 18 (SSAE 18), which focuses on internal controls at service organizations that affect their clients’ financial statements.

SSAE 16 vs. SOC 1/SSAE 18 Reporting

Obtaining a SOC 1/SSAE 18 report differentiates your service organization by demonstrating that it has established effectively designed controls, which gives clients peace of mind when engaging with your organization.

The SSAE 18 audit standard superseded the SSAE 16 report, effective May 1, 2017. Any report issued with an opinion date on or after May 1, 2017, will be issued under the new SSAE 18 standard. The major changes present in SSAE 18 include:

  • Vendor Management
  • Complementary Subservice Organization Controls
  • Written Assertion Requirement

Benefits of Obtaining a SOC 1 Report

Obtaining a SOC 1 report allows user auditors to reduce the amount of audit testing and rely on the service auditor’s report regarding the internal controls at the service organization. Other benefits include:

  • Gaining a competitive advantage against similar service organizations who have not received a SOC 1 report
  • The ability to meet contractual requirements
  • The ability to benchmark your controls
  • Revenue growth due to an increase in clientele
  • Increased client satisfaction due to a sense of security over sensitive information

Why Choose A-LIGN?

  • A-LIGN’s professionals have performed over 4,000 SOC 1 audits for firms in a variety of industries
  • Our customer service is unparalleled in our industry. A-LIGN will be with your company every step of the way, making for a smooth and stress-free process
  • A-LIGN’s leadership possesses over 20 years of experience in the SOC assurance industry

LET US ANSWER YOUR QUESTIONS ABOUT SSAE 18 AND HOW IT APPLIES TO YOUR COMPANY. REQUEST A COMPLIMENTARY CONSULTATION!

CALL 1-888-702-5446 OR COMPLETE THE FORM ON THIS PAGE.

Our Values:

Be All In.  Commit to Quality.

Constantly Innovate.  Do The Right Thing, Always.

SOC 1 Examination

We help your organization achieve SOC 1 compliance.

SOC 1 (System and Organization Controls) examinations can take your organization to the next level by supplying your customers with assurance regarding the controls in place in your environment that impact their financial reporting. Their organization rests easy, your organization climbs higher.

Why Choose A-LIGN?

The A-LIGN team is able to help your organization with any of its SOC 1 initiatives, including Type 1, Type 2 and Readiness Assessment reporting. Why choose A-LIGN? Here’s the A-LIGN difference:

  • A-LIGN has performed more than 1,300 successful SOC 1 audits, with a 94% client satisfaction rating.
  • Our team is able to streamline the audit process through our proprietary governance, risk management, and compliance (GRC) tool, A-SCEND.
  • Our leadership team consists of former “Big 4” executives with more than twenty years of experience who have served on the FICPA Board of Governors and assisted in the development of the AICPA SOC School Curriculum. This experience provides your organization with expertise designed to streamline your SOC 1 audit process.

Elevate your customers’ confidence with a SOC 1 report.

SOC 1 reporting can offer your organization the following benefits:

  • Earn new clientele and retain existing clients, resulting in revenue growth.
  • Increased client satisfaction due to a sense of security over sensitive information.
  • Gain a competitive advantage against similar service organizations who have not received a SOC 1 report.

Fill out the form on this page or call 1-888-702-5446 for a complimentary consultation!

What are the Top Policies and Procedures Needed for a SOC 2 Audit?

Safeguard your clients’ data.

The core of SOC 2 Examinations is based upon the AICPA’s Trust Services Principles (TSPs). The TSPs mandate that an organization document its security and operational policies, procedures, and processes so that they are in place for consistent compliance. For your convenience, A-LIGN has compiled the top twelve policies and procedures for any service organization to establish when undergoing a SOC 2 Examination.

Please fill out the form to receive your complimentary copy

3 Steps to Achieve GDPR Compliance

Have You Met GDPR’s May 2018 Deadline?

How can your organization achieve GDPR compliance? Consumer privacy is a mounting concern for organizations, and with the implementation deadline for GDPR passed, the focus on privacy has increased.

Implementing the appropriate processes and understanding the privacy environment can improve your organization’s ability to manage consumer privacy and build consumer trust. Our assessors walk your organization through the 3 steps needed to achieve GDPR compliance.

Steps to Achieving GDPR Compliance

For organizations that are within the scope of the GDPR, the following steps can help your organization achieve compliance. These steps can be completed through a gap assessment performed internally or through a third-party assessor, like A-LIGN.

Step 1: Evaluate overall readiness

Can your organization meet the key requirements? To prepare for GDPR, your organization should:

  • Create or update its information security and privacy policy and procedures
  • Be able to respond quickly to data subject access requests
  • Regularly audit its privacy management program to ensure continued compliance
  • Train personnel on privacy requirements and obligations
  • Maintain a record of all processing activities under its responsibility
  • Review its vendor management program to ensure adequate protections are in place with third-party vendors and sub-processors to protect personal data under the GDPR

Additionally, when assessing overall readiness, your organization should consider the processing activities, non-sensitive personal data, and “special categories” of personal data that your organization may handle, collect or process.

Step 2: Gap Identification

Gap identification should assess the current privacy posture of your organization and its compliance with the 99 articles of the GDPR. Your organization should determine its responsibility as a data controller, data processor, or joint controller. This will be the primary variable in determining your organization’s obligations under the GDPR.

Step 3: Gap Mitigation & Remediation

Once your organization determines its compliance gaps, it should implement appropriate protections to mitigate all identified gaps. Having an independent third-party review of your organization’s policies and procedures can help ensure that your organization is able to meet its obligation for GDPR compliance.

Penalties for Non-Compliance

Non-compliance can result in:

  • A warning in writing in cases of first and non-intentional noncompliance
  • EU Commission-directed data protection audits
  • Restricting access to data, including definitive and permanent bans
  • Loss of the organization’s ability to operate in the EEA and EU Member States
  • A fine of up to €20,000,000 or up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater
  • Damaged reputation

What is a GDPR Gap Assessment?

For organizations who do not understand how GDPR may apply to their environment, or who are unsure of their ability to meet the GDPR requirements, a gap assessment can be valuable. A gap assessment offers a solution to organizations by ensuring that a comprehensive analysis has been completed, allowing your business to adopt risk-measured responses for any gaps identified.

Why Conduct a GDPR Gap Assessment?

Conducting a GDPR gap assessment can provide the following benefits:

  1. Enhanced Security and Privacy Posture: Ensure that your organization can secure and protect the availability, confidentiality, and integrity of the information that it handles, as well as the privacy and proper use of data subjects’ data.
  2. Improved Reputation: Provide current and potential customers confidence that your organization is doing everything to protect the privacy of their information.
  3. Validation of Compliance: Limit your organization’s exposure to the GDPR enforcement penalties due to non-compliance. Compliance with the GDPR ensures that your organization can continue operating in the EEA and the EU Member States.

Achieve GDPR Compliance

Is your organization ready to take the first step towards GDPR compliance? A-LIGN’s assessors are available to help your organization understand the impact of GDPR, as well as any gaps that affect its GDPR compliance.

Securing Privacy: Understanding the Impact of GDPR

Prepare for GDPR Compliance.

The deadline to comply with the General Data Protection Regulation (GDPR) was May 25, 2018.

This regulation affects any organization that processes and/or handles the information of European Union citizens. Do you understand the impact GDPR may have on your organization?

Please fill out the form to receive your complimentary copy

GDPR Preparedness: Ensuring Compliance

The deadline for organizations to comply with the General Data Protection Regulation (GDPR) has passed. However, it’s never too late to become compliant.

Aimed at enacting strong consumer protection laws, the GDPR affects any organization that processes or handles the information of European Union citizens.

A-LIGN Director of Cyber Risk and Privacy, Petar Besalev, and SpringCM VP of Operations Chris King will discuss the data privacy and security environment, review the requirements set within the GDPR, and discuss compliance options for your organization.

In this webinar, Petar and Chris will cover the following:

  • What GDPR is and how it impacts your organization
  • Ways to achieve GDPR compliance
  • Benefits of GDPR compliance for building global relationships
  • The effects of noncompliance

The Ultimate Cyber Defense Guide

Strategize Your Cybersecurity.

Our experienced assessors created The Ultimate Cyber Defense Guide to provide valuable insights to help organizations understand and navigate the digital landscape.

The guide identifies emerging trends, highlights industry statistics, and provides preventative tips so that organizations can begin strategizing and implementing effective cybersecurity.

Please fill out the form to receive your complimentary copy

SOC 2 Compliance

Meet the needs of your clients in the United States with a SOC 2 Assessment.

SOC 2 (System and Organization Controls) examinations can elevate your organization by providing your customers with assurance regarding the controls in place that protect the systems or data you have access to. Our testing is based on the defined principles and criteria published by the United States’ American Institute of Certified Public Accountants (AICPA). Your report must cover the common criteria/security, but can also cover availability, processing integrity, confidentiality, and privacy. Are you ready to anchor your organization with a SOC 2?

A-LIGN’s experienced local resources can meet your compliance needs.

The A-LIGN team is able to help your organization with any of its SOC 2 initiatives, including Type 1, Type 2, and Readiness Assessment reporting. Why choose A-LIGN? Here’s the A-LIGN difference:

  • A-LIGN has resources in Australia and New Zealand that can provide your organization with local assessors to meet your SOC 2 needs.
  • A-LIGN’s professionals have performed more than 1,200 SOC 2 audits, with a 94% client satisfaction rating.
  • Our team is able to streamline the audit process through our proprietary governance, risk management, and compliance (GRC) tool, A-SCEND.

Elevate your customers’ confidence with a SOC 2 report.

Your clients in the United States may require that you obtain a SOC 2 report to ensure that client data is effectively safeguarded, which provides comfort to current and future clients. A-LIGN’s resources in Australia and New Zealand understand this requirement and are able to help your business:

  • Earn new clientele and retain existing clients, resulting in revenue growth.
  • Increase client satisfaction due to a sense of security over sensitive information.
  • Gain a competitive advantage against similar service organizations who have not received a SOC 2 report.

Fill out the form on this page or call +61(0)490-086-000 for a complimentary consultation!

FISMA Certification Services

We help your organization achieve FISMA certification.

The Federal Information Security Management Act (FISMA) of 2002 establishes security guidelines that federal agencies, or those entities which have outsourced agency business, must adhere to. FISMA requires specific documentation, policies, procedures, and defined processes to be in place to meet the rigorous requirements of the National Institute of Standards and Technology (NIST) 800-171. A-LIGN’s understanding of the security requirements and experience conducting FISMA assessments allow us to assist with your company’s FISMA compliance needs. By using agency-supplied templates or A-LIGN’s internally developed FISMA testing templates, A-LIGN can assist with your company’s FISMA compliance requirements.

Benefits of FISMA Certification

Whether your company is currently working with a federal agency or pursuing federal contracts, A-LIGN’s FISMA assessment report demonstrates your company’s compliance with NIST 800-171. As a comprehensive information security standard, the results of this report also demonstrate to your company’s non-federal customers and prospects the strong system of internal controls in place at your company.

Why Choose A-LIGN?

We understand that your company’s time is extremely valuable. A-LIGN’s FISMA assessment methodology was developed to ensure a timely and efficient assessment. Our team of security professionals has conducted FISMA assessments that were relied on by multiple federal agencies. Other qualities that set us apart from the rest include:

  • Our customer service is unparalleled in our industry. We will be with your company every step of the way, making for a smooth and stress-free process
  • Our team of security professionals possesses extensive experience in NIST 800-53 compliance
  • Our streamlined security certification process allows for an organized and successful audit

LET US ANSWER YOUR QUESTIONS ABOUT FISMA & HOW IT APPLIES TO YOUR COMPANY. GET GUIDANCE FROM AN EXPERIENCED FISMA AUDITOR!

CALL 1-888-702-5446 OR COMPLETE THE FORM ON THIS PAGE.

FISMA Compliance Services

We help your organization become FISMA compliant.

The Federal Information Security Management Act (FISMA) of 2002 establishes security guidelines that federal agencies, or those entities which have outsourced agency business, must adhere to. FISMA requires specific documentation, policies, procedures, and defined processes to be in place to meet the rigorous requirements of the National Institute of Standards and Technology (NIST) 800-53. A-LIGN’s understanding of the security requirements and experience conducting FISMA assessments allow us to assist with your company’s FISMA compliance needs. By using agency-supplied templates or A-LIGN’s internally developed FISMA testing templates, A-LIGN can assist with your company’s FISMA compliance requirements.

Benefits of FISMA Compliance

Whether your company is currently working with a federal agency or pursuing federal contracts, A-LIGN’s FISMA assessment report demonstrates your company’s compliance with NIST 800-53. As a comprehensive information security standard, the results of this report also demonstrate to your company’s non-federal customers and prospects the strong system of internal controls in place at your company.

Why Choose A-LIGN?

We understand that your company’s time is extremely valuable. A-LIGN’s FISMA assessment methodology was developed to ensure a timely and efficient assessment. Our team of security professionals has conducted FISMA assessments that were relied on by multiple federal agencies. Other qualities that set us apart from the rest include:

  • Our customer service is unparalleled in our industry. We will be with your company every step of the way, making for a smooth and stress-free process
  • Our team of security professionals possesses extensive experience in NIST 800-53 compliance
  • Our streamlined security certification process allows for an organized and successful audit

WE CAN ANSWER YOUR QUESTIONS ABOUT FISMA & HOW IT APPLIES TO YOUR COMPANY. REQUEST A COMPLIMENTARY CONSULTATION!

CALL 1-888-702-5446 OR COMPLETE THE FORM ON THIS PAGE.