Overlap and Differences Between the Revised SOC 2 Framework and ISO 27001
As market demand increases the need for organizations to demonstrate adequate internal control and risk management practices, many organizations are considering the combination of a SOC 2 report and an ISO/IEC 27001:2013 (ISO 27001) certification.
A-LIGN’s Belay Approach
For many organizations, completing a SOC 2 examination for the first time can be a daunting task. For organizations that are unable to complete a readiness assessment, A-LIGN has developed a unique audit approach that still provides some of the same benefits of a readiness assessment. Staying true to our value of “Innovating Constantly,” A-LIGN has created an audit approach referred to as the Belay Approach.
Simplifying the Data Center Compliance Process with A-LIGN
Data center compliance can be a complex challenge due to the volume of locations that require audits, as well as the numerous standards required by customers across multiple service lines. That’s why national colocation firm vXchnge chose A-LIGN to help them protect their customers’ data.
The SOC 2 Examination Process
A SOC 2 audit provides both detailed information and assurance of the service organization’s controls relevant to security, availability, processing integrity, confidentiality or privacy of a given service or system. This whitepaper answers frequently asked questions regarding SOC 2 audits, describes the differences between a Type 1 and Type 2 report and outlines the SOC 2 Examination process.
The Path to PCI DSS Compliance: Cloudreach’s Journey with A-LIGN
Cloudreach, the world’s largest cloud-native company, partnered with A-LIGN to help them achieve PCI DSS compliance in 2018. In this whitepaper, A-LIGN and Cloudreach share the story of their journey together, the unique challenges they faced, the solutions that A-LIGN proposed and how Cloudreach achieved PCI DSS success.
Leveraging Your Compliance Report
Compliance examination reports are more than an attestation of your commitment to quality and security; they can drive revenue, build client trust and position your organization as a cybersecurity leader in your industry. In this whitepaper, A-LIGN will show you how your organization can leverage your compliance report for growth opportunities.
What to Expect in PCI DSS 4.0
Watch A-LIGN’s PCI Practice Lead Dustin Rich as he explains PCI DSS and the road to PCI DSS 4.0. As the industry prepares for changes with the 4.0 update, now is a great time to look at what to expect from the new update and review the successes and challenges of PCI DSS 1.0-3.0.
FedRAMP, FISMA and NIST: Understanding Federal Compliance
Every day, the federal government processes large amounts of data, including financial information, personal information, issues of national security and intellectual property and patents. A-LIGN takes a deeper look at the compliance process and how FedRAMP, FISMA and NIST 800-171 can benefit your organization.
The HITRUST CSF
The HITRUST CSF is a robust and scalable framework for managing regulatory compliance and risk management of organizations and their business associates. Originally designed specifically for the healthcare industry, the HITRUST framework has found success across multiple industries thanks to its unifying regulatory requirements and recognized frameworks.
Cybersecurity examinations are an important undertaking for your organization, its health and projected future. Our helpful Cybersecurity Audit Buyer’s Guide helps you prepare by revealing inside tips to save time, money and resources.
What Are the Top Policies and Procedures Needed for a SOC 2 Audit?
The core of SOC 2 Examinations is based upon the AICPA’s Trust Services Criteria (TSC). The TSCs mandate that an organization has information documented regarding their security and operational policies, procedures, and processes in place for consistent compliance.
An Introduction to Hacking
Stay ahead of hackers by getting into the mind of one. A-LIGN’s Associate Manager and Penetration Tester, Van Bettis, reviews his experience as a hacker working to help organizations bolster information security and avoid hacks.
SOC 2 Report Types
Your organization needs a SOC 2, but how do you choose between a diagnostic report, readiness assessment, type 1 or type 2 report? This helpful guide will clarify the procedures required across each report type, as well as the expected deliverables.
The ISO 27001 Certification Process
ISO 27001 can help organizations reduce risk, optimize operations within an organization due to clearly defined responsibilities and business processes, and build a culture of information security.
Defend Against Cyber Invaders
The cyber invasion has begun. Are you prepared? Join the mission against cyber invaders and begin defending your organization today with our interactive infographic.
Understanding the New SOC 2 Guidelines
In 2017, the AICPA published revisions to the Trust Services Criteria for security, availability, processing integrity, confidentiality or privacy, codified as TSP Section 100. This updated guidance is required for SOC 2 examinations with a review period ending after December 15, 2018.
The Privacy Revolution
With the global influence of both the GDPR enforcement and the Facebook discovery, organizations are under scrutiny for their privacy practices. Following these events, the industry anticipates new standards and laws increasing consumer privacy rights.
We continue to receive questions from organizations trying to understand how they can get ahead of the privacy curve, comply with GDPR standards and avoid the fallout. Our privacy team has assembled the GDPR Toolkit to help our clients and any organization concerned about how the privacy landscape will impact their organization, its clients, and its ability to do business.
Halfway to the Summit: Security & Compliance in 2018
Since the beginning of 2018, organizations have anticipated and put resources in place to understand the impact of the Internet of Things (IoT), ransomware, blockchain, and other emerging technologies. However, six months into the year, have the top concerns changed?
State of Cybersecurity Florida Report: 3 Takeaways
A-LIGN’s Director of Cyber Risk and Privacy, Petar Besalev, reviews the three major cybersecurity trends affecting Florida businesses and Florida citizens. The review is based on the 2017 State of Cybersecurity in Florida report developed by The Florida Center for Cybersecurity (FC2) and Gartner Consulting.
Compliance in the Cloud – Uncovering Your Risks & Audit Options
As organizations continue to move to the cloud, security concerns are playing an important role in selecting a cloud service provider. Achieving compliance in the cloud can be a daunting experience, especially as it pertains to determining whose responsibility it is to address cloud computing regulations and requirements, and to ensure security.
New PCI DSS 3.2 Service Provider Requirements in Effect – Are You Ready?
With the effective date of February 1, 2018, service providers must now adhere to the new PCI DSS Version 3.2 requirements. To help prepare for these new requirements, A-LIGN’s Senior Manager, Dustin Rich, will review the new PCI DSS 3.2 requirements.
Meet Shareholders and Compliance Needs with a SOC for Cybersecurity
As the cybersecurity landscape evolves and data breaches become more frequent, it's imperative that organizations demonstrate and maintain the security of their information. To accommodate these emerging challenges, the AICPA developed SOC for Cybersecurity.
Achieving PCI Compliance for Higher Education
As universities gear up their compliance initiatives, A-LIGN examines industry trends, citing emerging risks, new technologies and updated requirements that make achieving PCI compliance a necessity for higher education.
GDPR Preparedness: Ensuring Compliance
The deadline for organizations to comply with the General Data Protection Regulation (GDPR) has passed. However, it's never too late to become compliant.
Securing Privacy: Understanding the Impact of GDPR
The deadline to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. This regulation affects any organization that processes and/or handles the information of European Union citizens.
The Ultimate Cyber Defense Guide
Through identifying emerging trends, highlighting industry statistics, and providing preventative tips, organizations can begin strategizing and implementing effective cybersecurity.
Future of Healthcare: The Transforming Healthcare Industry
The healthcare sector is regarded as one of the fastest evolving industries in the nation. This transformative environment is pushing organizations to provide unique solutions while handling new challenges.
Using HITRUST CSF v9 to Meet Your Compliance Requirements
With the release of HITRUST CSF v9, Senior Consultant and HITRUST CCSFP, Blaise Wabo, discusses the latest evolution of the HITRUST CSF.
Risk Response: Establishing a Plan for Business Continuity and Disaster Recovery
The FDIC has created guidance to more clearly supervise financial institution contracts with TSPs as they relate to business continuity planning.
Taking Steps Towards GDPR Compliance
The deadline for organizations to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. Are you prepared?
Preparing for the Transition to SOC 1 Under the SSAE 18 Attestation Standard
The SOC 1/SSAE 18 was released by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), providing assurance regarding the controls at a service organization relevant to the user entities’ internal control over financial reporting.
Cyber Defense Guide: Part 2
In part 2 of our Cyber Defense Guide, our experienced assessors take a deeper look into breach statistics, review the types of social engineering and malware attacks, and provide actionable prevention tips.
Mastering the Limited Access Death Master File to Achieve Certification
The Limited Access Death Master File (LADMF) contains information about deceased persons that is used by financial and credit firms, as well as government agencies, to match records and prevent identity fraud.
Cyber Defense Guide: Part 1
As we look at the breach landscape, it becomes apparent that continued education is necessary in order to protect information. A-LIGN discusses the cybersecurity landscape, the different types of hacks that your organization could face, and 10 actionable tips to prevent hacking in your organization.
Putting the Pieces Together: What is HITRUST and how does it fit into the compliance puzzle?
HITRUST is the sum of multiple audit standards and serves as a comprehensive certification for those in the healthcare industry.
The Survival Backpack: Gearing up for Compliance in 2017
In 2016, as many standards and methodologies, such as PCI DSS, FedRAMP and HITRUST were met with revisions, we look at how to appropriately implement these changes for your organization.
The Song Remains the Same: A Decade of Unchanged Security Vulnerabilities
A decade of security innovation and awareness, combined with maturing compliance standards have improved our security culture. However, the same security vulnerabilities found in 2006 continue to appear today in standard penetration testing.
How to Avoid Common PCI DSS Assessment Pitfalls
There are a few basic issues that plague many companies when it comes to attempting to comply with (and maintain compliance with) one of the most prescriptive security frameworks in information security: the Payment Card Industry Data Security Standard (PCI DSS).
Going for Gold: Becoming ALTA Best Practices Certified
As Michael Phelps and Katie Ledecky make their way home from the Olympics in Rio, A-LIGN’s experienced assessors consider the journey that organizations take to “Go for the Gold” and become ALTA Best Practices certified.
What is the Right Audit for Your Title Company?
While there is no one audit that fits all, nor is there an audit that is currently required within the industry, the answer to the question in the title of this whitepaper is driven by your stakeholders’ requests and your organizational objectives.
Preparing for a PCI DSS Audit: Top 10 Key Issues
Does your organization know how to successfully prepare for a PCI DSS assessment? Without proper preparation, a PCI DSS audit can become more time and resource intensive than necessary.
“Failed” Your SOC Examination? Here’s Why
While you theoretically cannot fail a SOC examination, there are SOC reports that have control design or operating deficiencies, which result in the audit report opinion being modified or qualified.
Outline of Revisions in PCI DSS 3.2
In light of the release of PCI DSS 3.2, A-LIGN has assembled a detailed outline of the changes in PCI DSS 3.2, including implementation timelines, changes to the requirements, and changes to the assessment procedures.
Breached: Now What?
Data breaches are on the forefront of our minds as they occur with increased frequency and severity. Data breaches can be disastrous for not only the victim organization, but for an entire chain of affected entities.
How HITRUST Mitigates the Challenges Facing Healthcare
Healthcare currently faces strict regulatory needs, causing many challenges when considering the options for risk management and mitigation. In order to ease these challenges, HITRUST can be implemented to minimize risk and alleviate healthcare pain points.
Keeping E-commerce Safe: Key PCI DSS Requirements
Every day, card data is pilfered from both Point-of-Sale (POS) and web-facing merchants. This presentation will focus on key, and often ignored, PCI requirements that provide greater safety to your business.
Active Shooters in the Workplace: Are You Prepared?
Violence in the workplace has always been a concern for companies. With the dramatic rise of shooting incidents in the workplace over the last few years, companies are realizing that their current employee safety procedures have not kept up with the times.
Relevant Audit Selection for Cloud Providers
We detail the different kinds of audits that are applicable to the Cloud industry based on what kind of service they provide: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
A-LIGN’s Cybersecurity Defense Guide
2014 was an eye-opening year with regard to cybersecurity. In this whitepaper, we explore the different attacks that happened and give detailed insight into how to protect your organization from attack.
9 Critical Payroll Pain Points
Dr. Daniel Selby, PhD, CPA, CISA, professor-in-residence at A-LIGN, has written this whitepaper to inform payroll professionals on nine issues that are critical to their ability to process payroll.
Security Awareness Boot Camp: Train Employees to be Your First Line of Defense
President Gene Geiger hosts the A-LIGN Security Awareness Boot Camp! Our boot camp is designed to take viewers through rigorous course objectives that will strengthen their knowledge of information security and improve their reaction to potential threats.
Happy Birthday ‘SOC’ – Farewell SAS 70
The goal of the discussion is to outline the lessons we have learned as service auditors and service organizations over the last year.
ISO 27001 Certification: An All-Access Pass
As a globally recognized security standard, the ISO 27001 certification is gaining traction in the U.S. as more companies are pursuing the certification to meet contractual obligations or to gain a competitive advantage.
Preparing for the COSO Framework Deadline: What Do I Need to Update Prior to December 15, 2014?
By December 15, 2014, all organizations utilizing the COSO Framework will need to complete their updates. The concepts underlying the 5 COSO components have now been codified as principles and must be satisfied as part of your framework.
Defend Your Data: Cybersecurity Lessons Learned from 2014
Learning from the cybersecurity incidents of 2014, Gene Geiger, President at A-LIGN will host a webinar during which Marc Rubbinaccio, Senior Consultant at A-LIGN, will review the incidents, identify common themes, and discuss how organizations can strengthen their information security.
SSAE 16 or SOC 2? Knowing What Path is Right for Your Company
Chief Executive Officer Scott Price and Director of Compliance Steve Simmons take a comprehensive look at SOC 1/SSAE 16 and SOC 2 audits.
Audit Survival Kit: How to Plan, Prepare and Achieve Compliance
This webinar discusses how to determine the right security or compliance assessment for your organization.
Countdown to Compliance: What You Need to Know for PCI 3.0
The goal of this webinar is to provide highlights of the changes in the PCI DSS standard from Version 2.0 to 3.0, discuss the required implementation timeline and how organizations should approach these changes.
CFPB Examination – Getting Your Agency Ready!
The goal of this webinar is to provide a high-level overview of the key areas that Collection Agencies should focus on as they prepare for the CFPB Examination.
PCI Data Security Standard Implementation Challenges – An Industry Perspective
The goal of this webinar is to provide a high-level overview of the Payment Card Industry Data Security Standard (PCI DSS), outline implementation challenges, and provide real-world examples of industry specific hurdles.
Reducing Audit Impact by A-ligning PCI DSS, SOC 1 & 2 Requirements
The goal of this webinar is to equip organizations that undergo multiple compliance audits annually by aligning PCI DSS, SOC 1 & 2 requirements with guidance on how to better prepare for, schedule, and undergo audits from external auditors.