SOC 2: The Definitive Guide
Your first audit doesn’t need to be overwhelming. This SOC 2 Definitive Guide will help you take a few manageable steps now that will avoid major headaches later. Don’t put it off – get started today.
Expert Q&A: Get the Most Out of Your Pen Testing Results
This recorded Q&A with A-LIGN’s pen testing expert Joseph Cortese covers the results of your pen test: what they can and can’t tell you, and how you can use them for a variety of high-value purposes.
Expert Q&A: Why a Pen Test Should Be Part of Your SOC 2 Plan
This recorded Q&A features A-LIGN’s resident “ethical hacker” and pen testing expert Joseph Cortese, who sets the record straight on why organizations should consider adding penetration testing to their SOC 2 audit and answers the questions that you care about.
Expert Q&A: What to Expect from Your First Penetration Test
In this recorded interview, A-LIGN’s pen testing expert Joe Cortese dives deep into the pen testing process. Check it out to learn what to expect, step-by-step, as you go through it for the first time.
Expert Q&A: Are You Ready for Your First Pen Test?
Penetration testing should be part of any risk management strategy. In this recorded interview, A-LIGN resident ethical hacker Joe Cortese describes what you need to know to get ready for your first one.
The New Norm: The Reality of Remote Work
The reality of remote work is here to stay. Watch this on-demand webcast to learn how and why most organizations are transitioning to a permanent remote work policy, and the cybersecurity challenges introduced by this massive cultural shift.
Aires Attracts Contracts with ISO 27701 and CMMC
Aires is building a strategic compliance program that avoids tactical audits and transactional auditors in favor of a sustained relationship with A-LIGN that delivers continuous value over time. Having already established certification with ISO 27001, Aires has turned its attention to two relatively new frameworks, ISO 27701 and CMMC, to drive its next wave of business growth.
CMMC Survival Guide
Join an A-LIGN moderated panel consisting of thought leaders within the CMMC space where they cover everything from planning to certification. Listen as experts discuss commonly asked CMMC questions, including scoping, determining the appropriate level for your firm, technical implications, and more.
SOC 2 Readiness Checklist
A SOC 2 report can demonstrate to your customers that your business has elevated its information security controls to protect their valuable data from risk. That’s why you need to be ready to meet the highest standards when the time comes for your SOC 2 examination. Utilize this interactive checklist in order to determine your level of readiness for your upcoming SOC 2 audit.
Growing Your Business in the US with Compliance
The US market presents a number of compliance challenges for companies in Europe. Without the right compliance reports and security certifications, it can be difficult to win contracts and gain the trust of consumers. Find out how a more strategic approach to auditing can help your company build client trust, differentiate your business, and gain investor and stakeholder trust to drive revenue.
CMMC Explained: Practices, Processes, Domains and Levels
The Cyber Maturity Model Certification (CMMC) is a framework of five increasingly stringent control levels developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment. But what does that really mean for your organization? This whitepaper will provide an overview of this new framework as well as a breakdown of each of the levels and the associated focus points.
Case Study: The Path to Compliance with Pathway Communications
When Pathway Communications set out to upgrade their approach to meeting their complex compliance needs, their search brought them to A-LIGN. After years of struggling to manage multiple compliance frameworks with other firms, they finally found a partner capable of elevating their business when it came to security and compliance.
Fireside Chat: Accelerate Your Business with Strategic Compliance
Watch A-LIGN's fireside chat to learn how businesses, like TIBCO, Ancestry.com, and Provation Medical are streamlining compliance by centralizing evidence collection, standardizing compliance requests, and consolidating audits.
Strategic Compliance and the Future of Business
Transform your organization with strategic compliance to deliver new efficiencies and allow your team the time to focus on dynamic digital transformation efforts.
The State of Compliance 2020: An Interactive Town Hall
Want to peek into the compliance playbooks of other CIOs, CISOs and compliance professionals who are thinking about go-forward plans in light of everything happening in the world?
Gartner 2020 Market Guide for Organization Security Certification Services
Gartner says "SOC 2, SOC 2+, ISO 27001, PCI DSS, HITRUST and cloud security certifications can be perplexing and resource-intensive. Security and risk management leaders need to move beyond compliance and toward stakeholder-driven security assurance."
Healthy Security Playbook
Taking a proactive approach to personal healthcare is an invaluable way to stay healthy and help prevent future complications. Similarly, being proactive with your healthcare organization’s security posture can save time, money, resources and stress down the road and help to mitigate future risks.
FedRAMP, FISMA and NIST: Understanding Federal Compliance
Watch A-LIGN’s Federal Practice Lead, Tony Bai, as he explains federal assessments and why they could be important for your organization. Every day, the federal government processes large amounts of data ranging from personal information to matters of national security.
Overlap and Differences Between the Revised SOC 2 Framework and ISO 27001
As market demand increases the need for organizations to demonstrate adequate internal control and risk management practices, many organizations are considering the combination of a SOC 2 report and an ISO/IEC 27001:2013 (ISO 27001) certification.
A-LIGN’s Belay Approach
For many organizations, completing a SOC 2 examination for the first time can be a daunting task. For organizations that are unable to complete a readiness assessment, A-LIGN has developed a unique audit approach that still provides some of the same benefits of a readiness assessment. Staying true to our value of “Innovating Constantly,” A-LIGN has created an audit approach referred to as the Belay Approach.
Simplifying the Data Center Compliance Process with A-LIGN
Data center compliance can be a complex challenge due to the volume of locations that require audits, as well as the numerous standards required by customers across multiple service lines. That’s why national colocation firm vXchnge chose A-LIGN to help them protect their customers’ data.
The SOC 2 Examination Process
A SOC 2 audit provides both detailed information and assurance of the service organization’s controls relevant to security, availability, processing integrity, confidentiality or privacy of a given service or system. This whitepaper answers frequently asked questions regarding SOC 2 audits, describes the differences between a Type 1 and Type 2 report and outlines the SOC 2 Examination process.
The Path to PCI DSS Compliance: Cloudreach’s Journey with A-LIGN
Cloudreach, the world’s largest cloud-native company, partnered with A-LIGN to help them achieve PCI DSS compliance in 2018. In this whitepaper, A-LIGN and Cloudreach share the story of their journey together, the unique challenges they faced, the solutions that A-LIGN proposed and how Cloudreach achieved PCI DSS success.
Leveraging Your Compliance Report
Compliance examination reports are more than an attestation of your commitment to quality and security; they can drive revenue, build client trust and position your organization as a cybersecurity leader in your industry. In this whitepaper, A-LIGN will show you how your organization can leverage your compliance report for growth opportunities.
What to Expect in PCI DSS 4.0
Watch A-LIGN’s PCI Practice Lead Dustin Rich as he explains PCI DSS and the road to PCI DSS 4.0. As the industry prepares for changes with the 4.0 update, now is a great time to look at what to expect from the new update and review the successes and challenges of PCI DSS 1.0-3.0.
Reviewing Federal Compliance: FedRAMP, FISMA and NIST
Every day, the federal government processes large amounts of data, including financial information, personal information, issues of national security and intellectual property and patents. A-LIGN takes a deeper look at the compliance process and how FedRAMP, FISMA and NIST 800-171 can benefit your organization.
The HITRUST CSF
The HITRUST CSF is a robust and scalable framework for managing regulatory compliance and risk management of organizations and their business associates. Originally designed specifically for the healthcare industry, the HITRUST framework has found success across multiple industries thanks to its unification of regulatory requirements and recognized frameworks.
Cybersecurity examinations are an important undertaking for your organization, its health and projected future. Our helpful Cybersecurity Audit Buyer’s Guide helps you prepare by revealing inside tips to save time, money and resources.
What Are the Top Policies and Procedures Needed for a SOC 2 Audit?
The core of SOC 2 examinations is based upon the AICPA’s Trust Services Criteria (TSC). The TSC mandate that an organization has documented information regarding the security and operational policies, procedures, and processes it has in place for consistent compliance.
An Introduction to Hacking
Stay ahead of hackers by getting into the mind of one. A-LIGN’s Associate Manager and Penetration Tester, Van Bettis, reviews his experience as a hacker working to help organizations bolster information security and avoid hacks.
SOC 2 Report Types
Your organization needs a SOC 2, but how do you choose between a diagnostic report, readiness assessment, Type 1 or Type 2 report? This helpful guide will clarify the procedures required across each report type, as well as the expected deliverables.
The ISO 27001 Certification Process
ISO 27001 can help organizations reduce risk, optimize operations within an organization due to clearly defined responsibilities and business processes, and build a culture of information security.
Defend Against Cyber Invaders
The cyber invasion has begun. Are you prepared? Join the mission against cyber invaders and begin defending your organization today with our interactive infographic.
Understanding the New SOC 2 Guidelines
In 2017, the AICPA published revisions to the Trust Services Criteria for security, availability, processing integrity, confidentiality or privacy, codified as TSP Section 100. This updated guidance is required for SOC 2 examinations with a review period ending after December 15, 2018.
The Privacy Revolution
With the global influence of both the GDPR enforcement and the Facebook discovery, organizations are under scrutiny for their privacy practices. Following these events, the industry anticipates new standards and laws increasing consumer privacy rights.
We continue to receive questions from organizations trying to understand how they can get ahead of the privacy curve, comply with GDPR standards and avoid the fallout. Our privacy team has assembled the GDPR Toolkit to help our clients and any organization concerned about how the privacy landscape will impact their organization, its clients, and its ability to do business.
Halfway to the Summit: Security & Compliance in 2018
Since the beginning of 2018, organizations anticipated and put resources in place to understand the impact of the Internet of Things (IoT), ransomware, blockchain, and other emerging technologies. However, six months into the year, have the top concerns changed?
State of Cybersecurity Florida Report: 3 Takeaways
A-LIGN’s Director of Cyber Risk and Privacy, Petar Besalev, reviews the three major cybersecurity trends affecting Florida businesses and Florida citizens. The review is based on the 2017 State of Cybersecurity in Florida report developed by The Florida Center for Cybersecurity (FC2) and Gartner Consulting.
Compliance in the Cloud – Uncovering Your Risks & Audit Options
As organizations continue to move to the cloud, security concerns are playing an important role in selecting a cloud service provider. Achieving compliance in the cloud can be a daunting experience, especially as it pertains to determining whose responsibility it is to address cloud computing regulations and requirements, and to ensure security.
New PCI DSS 3.2 Service Provider Requirements in Effect – Are You Ready?
With the effective date of February 1, 2018, service providers must now adhere to the new PCI DSS Version 3.2 requirements. To help prepare for these new requirements, A-LIGN’s Senior Manager, Dustin Rich, will review the new PCI DSS 3.2 requirements.
Meet Shareholders and Compliance Needs with a SOC for Cybersecurity
As the cybersecurity landscape evolves and data breaches become more frequent, it's imperative that organizations demonstrate and maintain the security of their information. To accommodate these emerging challenges, the AICPA developed SOC for Cybersecurity.
Achieving PCI Compliance for Higher Education
As universities gear up their compliance initiatives, A-LIGN examines industry trends, citing emerging risks, new technologies and updated requirements that make achieving PCI compliance a necessity for higher education.
GDPR Preparedness: Ensuring Compliance
The deadline for organizations to comply with the General Data Protection Regulation (GDPR) has passed. However, it's never too late to become compliant.
Securing Privacy: Understanding the Impact of GDPR
The deadline to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. This regulation affects any organization that processes and/or handles the information of European Union citizens.
The Ultimate Cyber Defense Guide
Through identifying emerging trends, highlighting industry statistics, and providing preventative tips, organizations can begin strategizing and implementing effective cybersecurity.
Future of Healthcare: The Transforming Healthcare Industry
The healthcare sector is regarded as one of the fastest evolving industries in the nation. This transformative environment is pushing organizations to provide unique solutions while handling new challenges.
Using HITRUST CSF v9 to Meet Your Compliance Requirements
With the release of HITRUST CSF v9, Senior Consultant and HITRUST CCSFP, Blaise Wabo, discusses the latest evolution of the HITRUST CSF.
Risk Response: Establishing a Plan for Business Continuity and Disaster Recovery
The FDIC has created guidance to more clearly supervise financial institution contracts with TSPs as they relate to business continuity planning.
Taking Steps Towards GDPR Compliance
The deadline for organizations to comply with the General Data Protection Regulation (GDPR) is May 25, 2018. Are you prepared?
Preparing for the Transition to SOC 1 Under the SSAE 18 Attestation Standard
The SOC 1/SSAE 18 was released by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), providing assurance regarding the controls at a service organization relevant to the user entities’ internal control over financial reporting.
Cyber Defense Guide: Part 2
In part 2 of our Cyber Defense Guide, our experienced assessors take a deeper look into breach statistics, review the types of social engineering and malware attacks, and provide actionable prevention tips.
Mastering the Limited Access Death Master File to Achieve Certification
The Limited Access Death Master File (LADMF) contains information about deceased persons that is used by financial and credit firms, as well as government agencies, to match records and prevent identity fraud.
Cyber Defense Guide: Part 1
As we look at the breach landscape, it becomes apparent that continued education is necessary in order to protect information. A-LIGN discusses the cybersecurity landscape, the different types of hacks that your organization could face, and 10 actionable tips to prevent hacking in your organization.
Putting the Pieces Together: What is HITRUST and how does it fit into the compliance puzzle?
HITRUST is the sum of multiple audit standards and serves as a comprehensive certification for those in the healthcare industry.
The Survival Backpack: Gearing up for Compliance in 2017
In 2016, as many standards and methodologies, such as PCI DSS, FedRAMP and HITRUST, were met with revisions, we look at how to appropriately implement these changes for your organization.
The Song Remains the Same: A Decade of Unchanged Security Vulnerabilities
A decade of security innovation and awareness, combined with maturing compliance standards, has improved our security culture. However, the same security vulnerabilities found in 2006 continue to appear today in standard penetration testing.
How to Avoid Common PCI DSS Assessment Pitfalls
There are a few basic issues that plague many companies when it comes to attempting to comply with (and maintain compliance with) one of the most prescriptive frameworks in information security: the Payment Card Industry Data Security Standard (PCI DSS).
Going for Gold: Becoming ALTA Best Practices Certified
As Michael Phelps and Katie Ledecky make their way home from the Olympics in Rio, A-LIGN’s experienced assessors consider the journey that organizations take to “Go for the Gold” and become ALTA Best Practices certified.
What is the Right Audit for Your Title Company?
While there is no one audit that fits all, nor is there an audit that is currently required within the industry, the answer to the question in the title of this whitepaper is driven by your stakeholders’ requests and your organizational objectives.
Preparing for a PCI DSS Audit: Top 10 Key Issues
Does your organization know how to successfully prepare for a PCI DSS assessment? Without proper preparation, a PCI DSS audit can become more time- and resource-intensive than necessary.
“Failed” Your SOC Examination? Here’s Why
While you theoretically cannot fail a SOC examination, there are SOC reports that have control design or operating deficiencies, which result in the audit report opinion being modified or qualified.
Outline of Revisions in PCI DSS 3.2
In light of the release of PCI DSS 3.2, A-LIGN has assembled a detailed outline of the changes in PCI DSS 3.2, including implementation timelines, changes to the requirements, and changes to the assessment procedures.
Breached: Now What?
Data breaches are on the forefront of our minds as they occur with increased frequency and severity. Data breaches can be disastrous for not only the victim organization, but for an entire chain of affected entities.
How HITRUST Mitigates the Challenges Facing Healthcare
Healthcare currently faces strict regulatory needs, causing many challenges when considering the options for risk management and mitigation. In order to ease these challenges, HITRUST can be implemented to minimize risk and alleviate healthcare pain points.
Keeping E-commerce Safe: Key PCI DSS Requirements
Every day, card data is pilfered from both Point-of-Sale (POS) and web-facing merchants. This presentation will focus on key, and often ignored, PCI requirements that provide greater safety to your business.
Active Shooters in the Workplace: Are You Prepared?
Violence in the workplace has always been a concern for companies. With the dramatic rise of shooting incidents in the workplace over the last few years, companies are realizing that their current employee safety procedures have not kept up with the times.
Relevant Audit Selection for Cloud Providers
We detail the different kinds of audits that are applicable to the Cloud industry based on what kind of service they provide: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
A-LIGN’s Cybersecurity Defense Guide
2014 was an eye-opening year in regards to cybersecurity. In this whitepaper, we explore the different attacks that happened and give detailed insight into how to protect your organization from attack.
9 Critical Payroll Pain Points
Dr. Daniel Selby, PhD, CPA, CISA, professor-in-residence at A-LIGN, has written this whitepaper to inform payroll professionals on nine issues that are critical to their ability to process payroll.
Security Awareness Boot Camp: Train Employees to be Your First Line of Defense
President Gene Geiger hosts the A-LIGN Security Awareness Boot Camp! Our boot camp is designed to take viewers through rigorous course objectives that will strengthen their knowledge of information security and improve their reaction to potential threats.
Happy Birthday ‘SOC’ – Farewell SAS 70
The goal of the discussion is to outline the lessons we have learned as service auditors and service organizations over the last year.
ISO 27001 Certification: An All-Access Pass
As a globally recognized security standard, the ISO 27001 certification is gaining traction in the U.S. as more companies are pursuing the certification to meet contractual obligations or to gain a competitive advantage.
Preparing for the COSO Framework Deadline: What Do I Need to Update Prior to December 15, 2014?
By December 15, 2014, all organizations utilizing the COSO Framework will need to complete their updates. The concepts underlying the 5 COSO components have now been codified as principles and must be satisfied as part of your framework.
Defend Your Data: Cybersecurity Lessons Learned from 2014
Learning from the cybersecurity incidents of 2014, Gene Geiger, President at A-LIGN, will host a webinar during which Marc Rubbinaccio, Senior Consultant at A-LIGN, will review the incidents, identify common themes, and discuss how organizations can strengthen their information security.
SSAE 16 or SOC 2? Knowing What Path is Right for Your Company
Chief Executive Officer Scott Price and Director of Compliance Steve Simmons take a comprehensive look at SOC 1/SSAE 16 and SOC 2 audits.
Audit Survival Kit: How to Plan, Prepare and Achieve Compliance
This webinar discusses how to determine the right security or compliance assessment for your organization.
Countdown to Compliance: What You Need to Know for PCI 3.0
The goal of this webinar is to provide highlights of the changes in the PCI DSS standard from Version 2.0 to 3.0, discuss the required implementation timeline and how organizations should approach these changes.
CFPB Examination – Getting Your Agency Ready!
The goal of this webinar is to provide a high-level overview of the key areas that Collection Agencies should focus on as they prepare for the CFPB Examination.
PCI Data Security Standard Implementation Challenges – An Industry Perspective
The goal of this webinar is to provide a high-level overview of the Payment Card Industry Data Security Standard (PCI DSS), outline implementation challenges, and provide real-world examples of industry specific hurdles.
Reducing Audit Impact by A-ligning PCI DSS, SOC 1 & 2 Requirements
The goal of this webinar is to equip organizations that undergo multiple compliance audits annually by aligning PCI DSS, SOC 1 & 2 requirements with guidance on how to better prepare for, schedule, and undergo audits from external auditors.