What Everyone Should Take Away from the Recent Retail Breaches

By: Gene Geiger, Partner of A-LIGN

Recent Retail Breaches – What Should You Do

When news of the Target breach was announced in the middle of the holiday shopping season, it made headlines and rekindled the debate on payment card data security and, more specifically, the effectiveness of the PCI Data Security Standard (“PCI DSS”), which was established to protect payment card data. This debate has only intensified as news of breaches at other major retailers has surfaced. So what went wrong? How were millions of records exposed? You don’t have to go very far to find the finger pointing and criticism of everyone involved, including Target, the PCI Security Standards Council (“PCI SSC”) and the core infrastructure used in the payment card industry. These discussions will continue and additional guidance may be produced, but at the end of the day, the clients I speak with want to know one thing: “What should we do?” Outlined below are some thoughts I would like to share on how to increase the security in your environment.

A-LIGN Becomes Data Privacy Day Champion

This year A-LIGN is participating as a Data Privacy Day (DPD) Champion. As a DPD Champion, A-LIGN recognizes and supports the principle that organizations, businesses, and government all share the responsibility of proper data management by ensuring the privacy and safeguarding of their data. Data Privacy Day is observed annually on January 28 as an international awareness effort to encourage internet users to consider the privacy implications of their online actions, motivating all companies to make the protection of privacy and data a greater priority.

A-LIGN Implements Center of Excellence Program to Improve Audit Experience

By: Scott Price, Managing Partner of A-LIGN

With the start of the new year, we introduce a new program: A-LIGN’s Center of Excellence (CoE), which was developed to build upon our strong client relationships and high quality service delivery. In our efforts to continually improve upon our current assessments and reporting procedures, we are implementing the CoE program as a new tool to foster our growth and continued involvement within our clients’ industries along with remaining current on new and upcoming compliance needs. The program will enable us to proactively develop educational materials for our clients, explaining or outlining any updates or authoritative developments to current regulations, which may affect their business. A-LIGN is already an active participant within professional and trade associations, but the focus of the CoE program will allow A-LIGN personnel to participate in leadership roles both within professional and trade associations.

5 Benefits of Annual Compliance Reports

By: Scott Price, Managing Partner of A-LIGN

As a leading provider of assurance, security, and compliance services, A-LIGN is often asked why clients should or should not have an annual examination performed. Below is a list of the five (5) benefits we have found that provide the most value for our clients when considering the annual scheduling of their compliance assessment(s).

Understanding FedRAMP: Cloud Service Provider’s Top 4 Questions Answered

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services

As an information security and audit firm focused on the compliance needs of service providers, A-LIGN’s accreditation as a FedRAMP third party assessment organization (“3PAO”) is a natural fit with our existing service offerings. Since becoming a FedRAMP 3PAO, we have noticed a trend in client calls stating their customers are inquiring about FedRAMP or that FedRAMP is being discussed during the sales cycle with prospective customers. With that being said, I thought it would be beneficial to outline the most common FedRAMP questions we have received with detailed responses.

Webinar: “Countdown to Compliance: What you need to know for PCI 3.0”

A-LIGN to present, "Countdown to Compliance: What you need to know for PCI 3.0" on Tuesday, December 10, 2013, from 2:00-3:00 pm EST. Gene Geiger, Director of A-LIGN Security and Compliance Services, will provide highlights of the changes in the standard from PCI DSS Version 2.0 to 3.0, the required implementation timeline and how organizations should approach these changes.

How Subservice Organizations Impact SSAE 16 Reports

By: Scott Price, Managing Partner of A-LIGN

Determine whether your SSAE 16 Report is saving your client money or costing them!

With year-end financial audits fast approaching, your clients will soon be requesting your SSAE 16 report. Why? Because your SSAE 16 report will allow your client’s financial auditors to determine if they need to perform additional testing or if they can utilize the report for their year-end financial audit. If the latter option happens to be the case, your SSAE 16 report will save your clients both time and money. Now, aren’t you efficient?

PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate

By: Gene Geiger, Partner of A-LIGN

Following the 36-month lifecycle the PCI Security Standards Council (“Council”) has established for the published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before it will be released on November 7, 2013. Through several webinars and documents provided to stakeholders, the Council has provided information on the final draft in order to receive feedback at the 2013 Community that will be held in Las Vegas September 24 – 26. The core twelve requirements remain the same, but after a review of the changes and guidance provided by the Council, the change to Version 3.0 is more comprehensive than we experienced with previous version changes. However, due to the impact of these changes and the time it may take to fully comply with the requirements of Version 3.0, Version 2.0 may be used for assessment until December 31, 2014. Nonetheless, the Council encourages adoption of Version 3.0 as soon as practical.

Webinar: “CFPB Examination – Getting Your Agency Ready!”

A-LIGN to present webinar entitled, “CFPB Examination - Getting Your Agency Ready!” on Tuesday, October 1, 2013, from 1-2 p.m. EST. The presentation will provide a high-level overview of the key areas that collection agencies should focus on as they prepare for the CFPB Examination.

A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon

A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon on November 9, 2013. Junior Achievement’s annual Bowl-A-Thon is a fundraising event that encourages companies to participate in and support the funding of JA’s programs, which focus on mentoring students, K-12th grade, in the areas of work-readiness, entrepreneurship and financial literacy skills. A-LIGN is proud to employ some of the most talented professionals in the industry who also dedicate their skills and talents to our community. Scott Price, A-LIGN’s Managing Partner, has been a dedicated board member of Junior Achievement for the past 11 years.
