The ISO 27001 Certification Process

ISO 27001 can help organizations reduce risk, optimize operations within an organization due to clearly defined responsibilities and business processes, and build a culture of information security.

Migrating to AICPA’s Updated SOC 2

Following the Trust Services Criteria (TSC) section 100 publication in 2017, the AICPA announced the finalized revisions for the SOC 2 guidance which will be required for SOC 2 reports with review periods ending after December 15, 2018.

Understanding the New SOC 2 Guidelines

In 2017, the AICPA published revisions to the Trust Services Criteria for security, availability, processing integrity, confidentiality or privacy, codified as TSP Section 100. This updated guidance is required for SOC 2 examinations with a review period ending after December 15, 2018.

The Privacy Revolution

With the global influence of both the GDPR enforcement and the Facebook discovery, organizations are under scrutiny for their privacy practices. Following these events, the industry anticipates new standards and laws increasing consumer privacy rights.

GDPR Toolkit

We continue to receive questions from organizations trying to understand how they can get ahead of the privacy curve, comply with GDPR standards and avoid the fallout. Our privacy team has assembled the GDPR Toolkit to help our clients and any organization concerned about how the privacy landscape will impact their organization, its clients, and its ability to do business.

Halfway to the Summit: Security & Compliance in 2018

Since the beginning of 2018, organizations have anticipated and put resources in place to understand the impact of the Internet of Things (IoT), ransomware, blockchain, and other emerging technologies. However, six months into the year, have the top concerns changed?

State of Cybersecurity Florida Report: 3 Takeaways

A-LIGN’s Director of Cyber Risk and Privacy, Petar Besalev, reviews the three major cybersecurity trends affecting Florida businesses and Florida citizens. The review is based on the 2017 State of Cybersecurity in Florida report developed by The Florida Center for Cybersecurity (FC2) and Gartner Consulting.


Compliance in the Cloud – Uncovering Your Risks & Audit Options

As organizations continue to move to the cloud, security concerns are playing an important role in selecting a cloud service provider. Achieving compliance in the cloud can be a daunting experience, especially as it pertains to determining whose responsibility it is to address cloud computing regulations and requirements, and to ensure security.

New PCI DSS 3.2 Service Provider Requirements in Effect – Are You Ready?

With the effective date of February 1, 2018, service providers must now adhere to the new PCI DSS Version 3.2 requirements. To help prepare for these new requirements, A-LIGN’s Senior Manager, Dustin Rich, will review the new PCI DSS 3.2 requirements.

Meet Shareholders and Compliance Needs with a SOC for Cybersecurity

As the cybersecurity landscape evolves and data breaches become more frequent, it's imperative that organizations demonstrate and maintain the security of their information. To accommodate these emerging challenges, the AICPA developed SOC for Cybersecurity.


Achieving PCI Compliance for Higher Education in 2018

As universities gear up their compliance initiatives for 2018, A-LIGN examines industry trends, citing emerging risks, new technologies and updated requirements that make it necessary to achieve PCI compliance for higher education in 2018.

GDPR Preparedness: Ensuring Compliance

The deadline for organizations to comply with the General Data Protection Regulation (GDPR) has passed. However, it's never too late to become compliant.


Securing Privacy: Understanding the Impact of GDPR

The deadline to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. This regulation affects any organization that processes and/or handles the information of European Union citizens.


The Ultimate Cyber Defense Guide

Through identifying emerging trends, highlighting industry statistics, and providing preventative tips, organizations can begin strategizing and implementing effective cybersecurity.


Future of Healthcare: The Transforming Healthcare Industry

The healthcare sector is regarded as one of the fastest evolving industries in the nation. This transformative environment is pushing organizations to provide unique solutions while handling new challenges.


Using HITRUST CSF v9 to Meet Your Compliance Requirements

With the release of HITRUST CSF v9, Senior Consultant and HITRUST CCSFP, Blaise Wabo, discusses the latest evolution of the HITRUST CSF.

Risk Response: Establishing a Plan for Business Continuity and Disaster Recovery

The FDIC has created guidance to more clearly supervise financial institution contracts with TSPs as they relate to business continuity planning.

Taking Steps Towards GDPR Compliance

The deadline for organizations to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. Are you prepared?


Preparing for the Transition to SOC 1 Under the SSAE 18 Attestation Standard

SOC 1/SSAE 18 was released by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), providing assurance regarding the controls at a service organization relevant to the user entities’ internal control over financial reporting.


Cyber Defense Guide: Part 2

In part 2 of our Cyber Defense Guide, our experienced assessors take a deeper look into breach statistics, review the types of social engineering and malware attacks, and provide actionable prevention tips.


Mastering the Limited Access Death Master File to Achieve Certification

The LADMF contains information about deceased persons that is used by financial and credit firms, as well as government agencies, to match records and prevent identity fraud.


Moving on Up: Migrating from SSAE 16 to SOC 1/SSAE 18

Any SSAE 16 report with an opinion dated on or after May 1, 2017, will be issued under the new SSAE 18 standard.


Cyber Defense Guide: Part 1

As we look at the breach landscape, it becomes apparent that continued education is necessary in order to protect information. A-LIGN discusses the cybersecurity landscape, the different types of hacks that your organization could face, and 10 actionable tips to prevent hacking in your organization.


Putting the Pieces Together: What is HITRUST and how does it fit into the compliance puzzle?

HITRUST is the sum of multiple audit standards and serves as a comprehensive certification for those in the healthcare industry.


The Survival Backpack: Gearing up for Compliance in 2017

In 2016, many standards and methodologies, such as PCI DSS, FedRAMP and HITRUST, were revised. We look at how to appropriately implement these changes for your organization.


The Song Remains the Same: A Decade of Unchanged Security Vulnerabilities

A decade of security innovation and awareness, combined with maturing compliance standards, has improved our security culture. However, the same security vulnerabilities found in 2006 continue to appear today in standard penetration testing.


How to Avoid Common PCI DSS Assessment Pitfalls

There are a few basic issues that plague many companies when it comes to attempting to comply with (and maintain compliance with) one of the most prescriptive security frameworks in information security: the Payment Card Industry Data Security Standard (PCI DSS).


Going for Gold: Becoming ALTA Best Practices Certified

As Michael Phelps and Katie Ledecky make their way home from the Olympics in Rio, A-LIGN’s experienced assessors consider the journey that organizations take to “Go for the Gold” and become ALTA Best Practices certified.


What is the Right Audit for Your Title Company?

While there is no one audit that fits all, nor is there an audit that is currently required within the industry, the answer to the question in the title of this whitepaper is driven by your stakeholders’ requests and your organizational objectives.


Preparing for a PCI DSS Audit: Top 10 Key Issues

Does your organization know how to successfully prepare for a PCI DSS assessment? Without proper preparation, a PCI DSS audit can become more time and resource intensive than necessary.


SOC 1 and SOC 2: Weighing Your Compliance Options

Organizations are constantly asking A-LIGN’s experienced assessors about the audit options that make sense for their organization.


“Failed” Your SOC Examination? Here’s Why

While you theoretically cannot fail a SOC examination, there are SOC reports with control design or operating deficiencies, which result in the audit report opinion being modified or qualified.


Outline of Revisions in PCI DSS 3.2

In light of the release of PCI DSS 3.2, A-LIGN has assembled a detailed outline of the changes in PCI DSS 3.2, including implementation timelines, changes to the requirements, and changes to the assessment procedures.


Breached: Now What?

Data breaches are on the forefront of our minds as they occur with increased frequency and severity. Data breaches can be disastrous for not only the victim organization, but for an entire chain of affected entities.


Building HITRUST: Related Frameworks, Scoping and Scoring

At its core, the HITRUST CSF (Common Security Framework) is built upon other standards and authoritative sources relevant to the healthcare industry, including ISO 27001, NIST SP 800-53, and the HIPAA Security, Breach Notification and Privacy rules.


What are the Top Policies and Procedures Needed for a SOC 2 Audit?

The core of SOC 2/AT 101 examinations is based upon the AICPA’s Trust Services Principles (TSPs). The TSPs mandate that an organization has documented information regarding the security and operational policies, procedures, and processes it has in place for consistent compliance.


How HITRUST Mitigates the Challenges Facing Healthcare

Healthcare currently faces strict regulatory needs, causing many challenges when considering the options for risk management and mitigation. In order to ease these challenges, HITRUST can be implemented to minimize risk and alleviate healthcare pain points.


Keeping E-commerce Safe: Key PCI DSS Requirements

Every day, card data is pilfered from both Point-of-Sale (POS) and web-facing merchants. This presentation focuses on key, and often ignored, PCI requirements that provide greater safety to your business.


Active Shooters in the Workplace: Are You Prepared?

Violence in the workplace has always been a concern for companies. With the dramatic rise of shooting incidents in the workplace over the last few years, companies are realizing that their current employee safety procedures have not kept up with the times.


Implementation to Certification: Practical Discussion on ISO 27001

A-LIGN President Gene Geiger and OrangeParachute Founder Travis Hyde discuss the current state of information security, the relevance of the international standard ISO 27001, and the top-down approach benefits of becoming certified.


Relevant Audit Selection for Cloud Providers

We detail the different kinds of audits that are applicable to the Cloud industry based on what kind of service they provide: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).


A-LIGN’S Cybersecurity Defense Guide

2014 was an eye-opening year in regards to cybersecurity. In this whitepaper, we explore the different attacks that happened and give detailed insight into how to protect your organization from attack.


Migrating your ISMS from ISO 27001 2005 to 2013

We give a simplified overview to the complex task of transitioning your ISO 27001 program from 2005 to 2013.


9 Critical Payroll Pain Points

Dr. Daniel Selby, PhD, CPA, CISA, professor-in-residence at A-LIGN, has written this whitepaper to inform payroll professionals on nine issues that are critical to their ability to process payroll.


Security Awareness Boot Camp: Train Employees to be Your First Line of Defense

President Gene Geiger hosts the A-LIGN Security Awareness Boot Camp! Our boot camp is designed to take viewers through rigorous course objectives that will strengthen their knowledge of information security and improve their reaction to potential threats.


Happy Birthday ‘SOC’ – Farewell SAS 70

The goal of the discussion is to outline the lessons we have learned as service auditors and service organizations over the last year.


ISO 27001 Certification: An All-Access Pass

As a globally recognized security standard, the ISO 27001 certification is gaining traction in the U.S. as more companies are pursuing the certification to meet contractual obligations or to gain a competitive advantage.


Preparing for the COSO Framework Deadline: What Do I Need to Update Prior to December 15, 2014?

By December 15, 2014, all organizations utilizing the COSO Framework will need to complete their updates. The concepts underlying the 5 COSO components have now been codified as principles and must be satisfied as part of your framework.


Defend Your Data: Cybersecurity Lessons Learned from 2014

Learning from the cybersecurity incidents of 2014, Gene Geiger, President at A-LIGN will host a webinar during which Marc Rubbinaccio, Senior Consultant at A-LIGN, will review the incidents, identify common themes, and discuss how organizations can strengthen their information security.


SSAE 16 or SOC 2? Knowing What Path is Right for Your Company

Chief Executive Officer Scott Price and Director of Compliance Steve Simmons take a comprehensive look at SOC 1/SSAE 16 and SOC 2 audits.

Audit Survival Kit: How to Plan, Prepare and Achieve Compliance

This webinar discusses how to determine the right security or compliance assessment for your organization.


Countdown to Compliance: What You Need to Know for PCI 3.0

The goal of this webinar is to provide highlights of the changes in the PCI DSS standard from Version 2.0 to 3.0, discuss the required implementation timeline and how organizations should approach these changes.


CFPB Examination – Getting Your Agency Ready!

The goal of this webinar is to provide a high-level overview of the key areas that Collection Agencies should focus on as they prepare for the CFPB Examination.


PCI Data Security Standard Implementation Challenges – An Industry Perspective

The goal of this webinar is to provide a high-level overview of the Payment Card Industry Data Security Standard (PCI DSS), outline implementation challenges, and provide real-world examples of industry specific hurdles.


Reducing Audit Impact by A-ligning PCI DSS, SOC 1 & 2 Requirements

The goal of this webinar is to equip organizations that undergo multiple compliance audits annually with guidance on how to align PCI DSS, SOC 1 and SOC 2 requirements, and how to better prepare for, schedule, and undergo audits from external auditors.