



A-LIGN is a technology-enabled security and compliance partner that helps global organizations take a strategic approach to confidently mitigate cybersecurity risks. We bring the people, process and platform you need to secure your summit.

A-LIGN Highlights Simplified Cybersecurity Audits with “Readiness-to-Report” Approach at AWS re:Invent - A-LIGN. Leading cybersecurity audit firm showcases its unique blend of compliance management software with experienced auditors for a full life-cycle approach to the audit process.

A-LIGN Highlights Simplified Cybersecurity Audits with “Readiness-to-Report” Approach at AWS re:Invent - A-LIGN

Las Vegas, NV – November 29, 2021 – From November 29 through December 3, A-LIGN will bring its powerful simplified compliance platform and auditing expertise to the cloud computing community at AWS re:Invent 2021. In an age of ever-increasing data risk, customer security requirements and regulatory oversight, compliance has become a necessity for virtually every SaaS company building on the AWS cloud platform, as well as for other IT decision-makers wishing to bring their products to market securely.

What You Need to Know About the HIPAA Safe Harbor Act - A-LIGN. The HIPAA Safe Harbor Act was designed to limit the fines associated with a data breach for healthcare organizations that implement “recognized security practices.”

What You Need to Know About the HIPAA Safe Harbor Act - A-LIGN

Do you have your cybersecurity practices in place? Learn more about how to identify what you need to mitigate risk. Organizations that take proactive steps to implement cybersecurity initiatives to protect their customers and employees are becoming more commonplace. Yet there are still many examples of organizations falling victim to bad actors’ efforts to steal sensitive information for financial gain. This scenario has become a more common tale within the healthcare industry, especially as malicious players continue to take advantage of the COVID-19 pandemic. Data breaches targeting PHI are clearly not going away, creating a new level of urgency for enhanced cybersecurity within the healthcare industry.

HITECH and HIPAA Compliance

But as we previously mentioned, even the best-laid plans can go awry.

What Are the New HITRUST bC and i1 Assessments? - A-LIGN. HITRUST certification just got quicker, more affordable, and less complex.

What Are the New HITRUST bC and i1 Assessments? - A-LIGN

Learn more about HITRUST i1 and why it could be a game changer for your organization. The HITRUST Alliance has announced the HITRUST Basic Current State (bC) Assessment and the HITRUST Implemented One-Year (i1) Assessment, two new additions to their portfolio of assessment services that will be released at the end of 2021. While the names bC and i1 may call to mind sleek sports cars or high-powered computer chips, they actually won’t add a host of new features or added complexity.

In fact, it’s what’s not included in these assessments when compared to the standard HITRUST Risk-Based, Two-Year (r2) Assessment (formerly known as the HITRUST CSF Validated Assessment) that makes them appealing. HITRUST i1, in particular, will be a game changer for compliance.

Reduce Audit Time and Penalties with HITRUST CSF v9.5 - A-LIGN. Did you know HITRUST v9.5 can help reduce OCR audit time and minimize penalties?

Reduce Audit Time and Penalties with HITRUST CSF v9.5 - A-LIGN

Learn more from A-LIGN’s Healthcare and Financial Services Knowledge Leader, Blaise Wabo, on why you should select v9.5 when pursuing a HITRUST certification. Since 2007, the HITRUST CSF has been recognized as a well-rounded and certifiable security framework for organizations of all sizes and industries. With the new CSF v9.5 update, HITRUST continues to demonstrate its value for any organization by offering a reformatted report that stakeholders can leverage during an Office of Civil Rights (OCR) audit following a cybersecurity event or data breach. Let’s look closer at the cause for the new report, what HITRUST v9.5 includes, and how this update will benefit your organization.

What is NIST 800-171? - A-LIGN. Your organization can’t afford to lose valuable government contracts.

What is NIST 800-171? - A-LIGN

Protect your business by bolstering your organization’s ability to comply with NIST 800-171. Government contracts are highly lucrative, but also tough to secure and manage. That’s because the Federal Government deals with a lot of classified and controlled information on a day-to-day basis. Any contractors or subcontractors who wish to work with the Federal government must, therefore, have security procedures in place to protect that sensitive information.

National Institute of Standards and Technology (NIST) 800-171 is a mandate that states that federal contractors and subcontractors that handle, transmit, or store controlled unclassified information (CUI) must comply with certain standards to protect that data. What is Controlled Unclassified Information (CUI)? CUI is information created or owned by the government that is unclassified, but still very sensitive.

CMMC 2.0 Updates - What Do These Changes Mean for Your Organization? - A-LIGN. Three major changes announced for CMMC: fewer security tiers, new level definitions and requirements, and allowance for “Plan of Action & Milestone” reports.

CMMC 2.0 Updates - What Do These Changes Mean for Your Organization? - A-LIGN

Learn more about the DoD’s major changes to the CMMC program. Like everyone else in the world of federal compliance, we’ve been closely tracking the Cybersecurity Maturity Model Certification (CMMC) since the U.S. Department of Defense (DoD) shared its initial draft of the model in early 2020. The controversial certification program has simultaneously been praised for its potential to raise cybersecurity standards for DoD contractors and criticized for the cost to comply, which is seen as a burden for many small businesses that are executing federal contracts.

On November 4, 2021, the DoD announced several updates and changes with the introduction of “CMMC 2.0,” which clarifies how CMMC will be implemented.

How Privacy Laws Impact Compliance Programs - A-LIGN. Our 2021 Compliance Benchmark Report found that more than 71% of organizations say that an increasing focus on privacy has impacted their compliance practices and audits.

How Privacy Laws Impact Compliance Programs - A-LIGN

Learn more about what that impact looks like. Privacy is at the forefront of regulators’ minds and is therefore greatly impacting compliance programs across the globe. It’s not just regulators who are taking note of new privacy laws — consumers are concerned about their privacy and data, too. A recent KPMG survey noted that 86% of consumers feel a growing concern about data privacy and 78% are worried about the amount of data being collected about them.

How to Launch and Grow Your Career in Cybersecurity - A-LIGN. How did Arti Lalwani, A-LIGN’s Risk Management and Privacy Knowledge Leader, get her start in cybersecurity?

How to Launch and Grow Your Career in Cybersecurity - A-LIGN

To promote Cybersecurity Awareness Month, we sat down with Arti to learn about her career path and advice she has for anyone trying to break into the industry. The world of cybersecurity is fast-paced and rapidly evolving. Current events, such as YouRock 2021, The Accellion Supply Chain Attack, and The Colonial Pipeline attack, raised new concerns in the industry.

Evolutions in frameworks and national or regional regulations drive the need for new controls, policies, and procedures. And, of course, the last year has been an especially trying time due to the COVID-19 pandemic and the extra steps organizations had to take to ensure compliance when employees are working remotely.

The Most Common Challenges of the Audit Process - A-LIGN. Our 2021 Compliance Benchmark Report found that more than 70% of organizations believe limited staff resources and evidence collection are the greatest challenges of their audit process.

The Most Common Challenges of the Audit Process - A-LIGN

Learn more about the most common compliance audit challenges, plus potential solutions for each. “What are the top challenges you see companies face throughout the audit process?” It’s a question often asked by proactive leaders who want to avoid the missteps and oversights made by other organizations. Anecdotally speaking, it’s not unusual to hear executives and those in charge of corporate compliance programs say there are simply not enough hours in the day to get everything done, or even to just move things forward in a timely manner.

What Does the Deadline on Federal Event Log Management? A new cybersecurity executive order deadline on event log management has many technology companies wondering if they have to take action.

What Does the Deadline on Federal Event Log Management?

Our Federal Practice Lead, Tony Bai, explains what this update means and whether or not it will affect your organization. Another day, another cyber executive order deadline quickly approaching. Recently, the Office of Management and Budget (OMB) released an official memorandum that provided timelines on the actions federal agencies must take to ensure the U.S. government can effectively detect, investigate, and remediate cyber threats. The memo, “Improving the Federal Government’s Cyber Investigative and Remediation Capabilities,” focuses specifically on the requirements surrounding logging, log retention, and log management that were laid out in section eight of President Biden’s executive order on Improving the Nation’s Cybersecurity.

Examining the Popularity of the SOC 2 Audit. Is your organization planning for a SOC 2 report? You’re not alone. In our 2021 Compliance Benchmark Report, SOC 2 emerged as the most popular audit for cybersecurity, IT, quality assurance (QA), internal audit, finance, and other professionals across a variety of industries.

SOC 2 is gaining in popularity across industries and across the globe. More and more customers are asking for demonstrated SOC 2 compliance, and independent cybersecurity control validation and attestation is becoming necessary to compete for high priority contracts. Beyond customer demand, SOC 2 ensures that controls are properly implemented and used within your organization, greatly reducing potential security threats. In our 2021 Compliance Benchmark Report, we asked more than 200 cybersecurity, IT, quality assurance (QA), internal audit, finance, and other professionals about which audits are most important to their business.

A-SCEND’s Upcoming Release Action Required Improve User Experience. A-SCEND will release a new feature “Action Required” status to help users streamline their workflow, creating an improved customer experience.

Jason Kosecki, A-LIGN’s Principal Product Operations Manager, launched a new blog series to explore recent releases and upcoming changes to A-SCEND.

How Technology Helps Cloud Service Providers Achieve FedRAMP Certification. Tony Bai, A-LIGN’s Federal Practice Lead, and Emily Cummins, Anitian’s Director of Cloud Security, team up to discuss how technology can make your journey to FedRAMP certification a more streamlined process, saving you time and resources. With technology now playing a major role in compliance assessments across the board, FedRAMP is no exception.

Technology allows organizations to quickly prepare for an assessment and conduct multiple assessments to streamline the compliance process.

Ransomware Preparedness Assessment. A-LIGN’s New Ransomware Preparedness Assessment Keeps You from Getting Caught Off-Guard. Cybersecurity should never be an afterthought. Prepare your organization for the threat of ransomware with A-LIGN’s new Ransomware Preparedness Assessment. With ransomware attacks on the rise, it’s crucial that your organization is prepared. A-LIGN’s Ransomware Preparedness Assessment puts an effective strategy in place to help prevent attacks and mitigate potential damage if an attack occurs. Cybersecurity threats aren’t new to organizations, but over the past year, one threat rose above the others: ransomware attacks. Though most malicious actors will seek out organizations that could have the greatest payout (or, in the case of the Colonial Pipeline attack, wreak the greatest havoc), it’s more likely that attackers look for known weaknesses they can easily exploit.

The reality is that ransomware is a growing threat.

ISO 27701 and GDPR Compliance: What You Need to Know. Can ISO 27701 guarantee GDPR compliance? ISO 27701 can well position any organisation for future GDPR compliance. While one is a management system and the other is technically a legal framework, ISO 27701 helps to create a path on your journey to GDPR. In 2019, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) introduced ISO/IEC 27701:2019 (more commonly referred to as ISO 27701).

A-LIGN to Accelerate Growth, Expand Software Capabilities and Services.

Deal Uniquely Positions A-LIGN to Meet Skyrocketing Demand for Comprehensive Audit Readiness Software and High-Quality Audit Reports from a Single Vendor. New York, NY – August 12, 2021 – Warburg Pincus, a leading global growth investor, announced a strategic investment in A-LIGN, a high-growth provider of cybersecurity and compliance solutions and top issuer of SOC 2 reports worldwide, alongside existing investor FTV Capital. This investment will be used to drive product innovation in the company’s A-SCEND SaaS platform, grow the company’s portfolio of service offerings, expand A-LIGN’s global footprint and execute on an aggressive hiring strategy.

How to Prevent Data Breaches: 6 Best Practices. It’s not “if” a data breach occurs, but “when”. Learn the 6 best practices to prevent a data breach and help your organization better prepare.

Featured CLIMBER: Adam Lubbert. CLIMBERS (also known as employees) at A-LIGN take many different paths throughout their journey – that’s why we sat down with Adam Lubbert, Associate Director of ISO Services, to discuss how he began his career in cybersecurity, what he enjoys most about his role and much more. Read below for all the details.

Does My European Business Need a SOC 2 Assessment? The U.S.-based SOC 2 standard is starting to catch on in European businesses as well as other parts of the world.

An Exciting New Chapter for A-LIGN, Welcome Warburg Pincus. It’s no secret that the cybersecurity compliance industry is in the middle of a big shift. The demand for trusted, high-quality cyber assessments is skyrocketing, and organizations everywhere are looking for easier, more efficient ways to complete their audit cycles and leverage the process for increased security value at the same time.

Aires Attracts Multinational Customers and Government Contracts with ISO 27701 and CMMC.

A-LIGN Announces C3PAO Authorization. A-LIGN is among the first C3PAOs and RPOs guiding companies through the evolving CMMC audit and certification process so they can win more business in the growing federal space. TAMPA, Fla. – Jan. 12, 2021 – A-LIGN, a leading security and compliance provider, is among the first firms to become an accredited Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (C3PAO) and Registered Provider Organization (RPO).

This allows A-LIGN to help organizations conduct business with the DoD by offering a variety of services including scoping, gap assessments, remediation analysis and documentation services, all in the spirit of identifying and mitigating cybersecurity risks critical for national security.

Privacy Shield, GDPR and the New Standard Contractual Clauses. The ruling that the EU-U.S. Privacy Shield is no longer a valid data transfer mechanism under GDPR accelerated the timeframe for new SCCs, but there’s still work to be done.

Identifying the Purpose of Corporate Compliance Programs. Is everyone in your organization on the same page? Our latest Compliance Benchmark Report uncovered the disparity between what boards and regulations require versus how internal teams perceive the strategy behind corporate compliance programs.

CMMC Expert Tony Bai. With questions surfacing around CMMC and the changing regulatory landscape, Tony Bai, Federal Practice Lead at A-LIGN, offers his expert advice on a variety of federal compliance topics to help you understand what frameworks your organization should care about, how you can prepare and what is on the horizon for federal compliance.

What is FISMA and How Is It Related to RMF?
CMMC: Expert Advice on Cybersecurity Certification Next Steps
How to Grow Your Business in the U.S. with Compliance
A-LIGN Ranks #28 on 2021 Tampa Bay Business Journal's Fast 50
CSA Integrates Cloud Controls Matrix with SOC 2 Reports...
Combine Multiple Audits to Save Time and Resources
Privacy Principles and SOC 2 Updates 2016
What is SOC 2? 8 Common SOC 2 Questions Answered
SOC 2 and Subservice Organizations
Featured CLIMBER: Stacy Graison
How do the HITRUST Assurance Advisories Affect Your Program?
A-LIGN Insights: July 2021
HITRUST Assessment Types & HITRUST Integration with SOC 2
After Thousands of Audits; the Truth About So-Called “14-Day SOC 2”
Cloud Computing and SOC 2
What Is StateRAMP and How Does It Relate to FedRAMP?

The Applicability and Benefits of a SOC 3 Report
How HITRUST Certification Can Satisfy Your SOC 2, ISO 27001 & FedRAMP
Value of the SOC 2 for Service Organizations
What is Zero Trust?
How SOC Audits Can Help Save on Errors & Omissions Insurance
SOC 1 Payroll Providers
A-LIGN Employees Virtually Connect for the 2nd Year in 6th Annual
The SOC 1 Examination Process
Survey Says: Compliance Programs Largely Immune to the Pandemic
Featured CLIMBER: Katie Vokus
Mind the Gap: How to Change Auditors without Impacting a Compliance
Updates to the AICPA’s SOC 2 Framework - A-LIGN
Everything You Need to Know About Bridge Letters
The Value of SOC 2
A-LIGN Insights: June 2021
SOC 2 – Not your prior year SAS 70
Understanding the Impact of Testing Exceptions in Type 2 SOC 1 & SOC 2
Ask A-LIGN: What is the difference between a SOC logo & a SOC seal?

5 Reasons Why You Need SOC 2 Compliance
The Opportunities and Challenges Ahead
What are the SOC 2 Trust Services Criteria?
How European Companies Can Accelerate International Expansion
A-LIGN’s Scott Price Named EY Entrepreneur Of The Year® 2021
Leveraging a SOC 2 Examination to Differentiate Your MSP
What is a SOC 2 Report? Take An In-Depth Look at the SOC 2 Examination Process
The Do’s and Don’ts of Getting Started with HITRUST
SOC 2 vs SOC for Cybersecurity: 3 Main Differences
Starting a new IT security policy? Consider these 8 key policies and procedures
Benefits of Adding SOC for Cybersecurity to Your SOC 2 Audits
Featured CLIMBER: Michael Darmanin
What is FedRAMP and Why Does My Organization Need It?

A-LIGN Insights: May 2021
SOC 2 Examinations for Colocation Service Providers
A-LIGN’s Arti Lalwani Honored in 2021 Women Leaders in Technology
4 Miscellaneous HITRUST Regulatory Factors to Consider
SOC 2: The Definitive Guide
HITRUST vs. HIPAA: Which Is Right for My Organization?
A-LIGN Wins "Market Leader in Compliance" and "Editor's Choice in SMB Cybersecurity" during RSA Conference 2021
5 Easy Steps to Prep for your First SOC 2 Audit - A-LIGN
2021 Compliance Benchmark Report - A-LIGN. Despite the pandemic, 85% of organizations completed their audits.

Four Benefits of Combining ISO 27701 and ISO 27001
A-LIGN Compliance & Assessments
SOC 2 for Startups: Boosting Your Startup with SOC 2
How to Win More Deals by Arming Sales With Your Cybersecurity Assessment
CPRA vs. CCPA: What's the Difference? 6 Key Changes to Understand
What’s The Difference Between SOC 2 Type I and Type II?
SOC 1 or SOC 2: Which Is Right for My MSP?
SOC Report Types: What You Need to Know
Go Beyond the Privacy Policy
FedRAMP Tailored: New Program for Cloud Service Providers
Ace Your SOC Report with a SOC Audit Checklist
7 HITRUST Regulatory Factors to Consider for Healthcare

Unify Audit Experience Across Multiple Standards with Single-Provider Approach
How to Feature Your Cybersecurity Assessment on Your Website
Four Key Insights from the 2021 Compliance Benchmark Report