Payment Card Processing

Preparing for HITRUST CSF v8

HITRUST CSF v8. To ensure the HITRUST CSF stays relevant and current with the needs of today’s healthcare organizations, the HITRUST Alliance continually updates the CSF to incorporate the changing standards and regulations associated with its authoritative sources. The updates within v8, which was released on July 1, 2016, incorporate…


Back to Basics: What is HITRUST?

A-LIGN’s HITRUST Assessors are often asked: What is HITRUST and why do I need it? As healthcare organizations face stricter regulatory needs in light of an increase in healthcare-related breaches, many organizations are considering HITRUST as an option for risk management and mitigation. What is HITRUST? HITRUST, or the Health…


Holding Your Security Ransom: Preparing Your Organization for Ransomware Attacks

Today’s ransom trend. Today, ransomware cases are more frequent than ever, raking in, on average, $450 billion for the cybercriminal market annually. These malicious programs leave users desperate, pressuring them into thinking they have no choice but to pay ridiculous amounts of bitcoin…


Which HITRUST Assessment Scope Is Right for My Organization?

Which HITRUST Assessment Scope is Right for My Organization? There are 14 different control categories, each with its own number of objectives and requirements. These include the following: Information Security Management Program, Access Control, Human Resources Security, Risk Management, Security Policy, Organization of Information Security, Compliance, Asset Management, Physical…


SOC 2: 2016 Updates and the Privacy Principle Integration

Overview of Privacy Principle and SOC 2 Updates. In order to clarify and eliminate redundancy within the requirements of the trust services criteria for privacy, changes have been made to the SOC 2 privacy principle guidelines. While most of these changes are clarification-based, the addition of privacy to the common…


Ask A-LIGN’s Experienced Assessors: HITRUST

Because of the unique challenges facing the healthcare industry, companies are considering their options to mitigate and manage their risk. HITRUST offers a framework that allows for consistent implementation of the HIPAA requirements, but generates many questions that need to be answered. Below are a few frequently asked questions that…


Revision in MasterCard’s Cardholder Obligations: Does It Affect You?

MasterCard has revised its Standards to allow for collection agents to accept signature debit cards in the US. This revision is effective immediately and will be reflected in upcoming versions of MasterCard Rules. This change does not affect MasterCard’s credit transaction rules, and those transactions will remain prohibited as…


What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, with the official release of PCI DSS 3.2, organizations should begin to implement the changes. The new standard should be adopted as soon as possible, as version 3.1 will expire on October 31,…


ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations, but the work should not stop after receiving the sought-after certification. We want to ensure that your organization does not fall…


HITRUST Assessment Scoping Guidelines

We are asked routinely, “Which controls will A-LIGN test as part of the HITRUST assessment?” The answer to that question depends on the environment and the outcome of the scoping process. Scoping occurs in the initial phases of your HITRUST assessment process in order to…
