The New Standard: PCI DSS 3.1

On April 15, 2015, the PCI Security Standards Council published PCI DSS Version 3.1. The update notes three types of changes. Clarifications: clarify the intent of the requirements. Additional Guidance: explanations that provide further information on the requirements. Evolving Requirement: changes to the requirements to keep up with emerging threats and updates within the market.

Nine Payroll Pain Points

Dr. Daniel Selby, PhD, CPA, CISA has written a whitepaper for A-LIGN entitled “Nine Critical Payroll Pain Points and What Payroll Professionals Should Do About Them?” An excerpt from Dr. Selby’s summary on LinkedIn:

The Connected World: A Look At Mobile Security?

Smartphones are a truly extraordinary technology. Like an electronic Swiss Army Knife, they are seemingly magical devices that provide a ton of services in the palms of our hands. Each day, it seems, a new feature emerges enabling them to do even more. Using a smartphone, a person can video conference, navigate through the perils of rush hour traffic, and download a new recipe for beef stroganoff, just hopefully not at the same time!

Relevant Audit Selection for Cloud Providers

Just as with physical storage, cloud service providers are used to store sensitive data. This can be anything from credit card information to personal information such as social security numbers. There are three key cloud services: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The storage of sensitive data will inevitably lead a cloud service provider to need a specific audit performed by a third-party entity, such as A-LIGN, due to legal, regulatory and/or contractual obligations. It is important for cloud service providers to understand their obligations first when selecting an audit.

SOC Vendor Due Diligence for Title Agencies

The American Land Title Association (ALTA) Best Practices Framework has been developed to assist lenders in satisfying their responsibility to manage third-party vendors. ALTA members advocate a safe and efficient transfer of real estate and have high standards when searching land title records and preparing insurance documents. To provide the best possible chance of avoiding land title problems, risk should be eliminated prior to insuring. As such, effective safeguards should be in place.

The State of Cybersecurity: How to Prepare For 2015

2014 was a cybersecurity eye-opener for everyone who uses technology. The public and many corporations had to face firsthand the repercussions of cybersecurity weaknesses across all technology. The whole world watched this year as cyber-attacks hit one after another, with arguably the worst cybersecurity incident striking Sony Pictures Entertainment in November. Less well known but certainly as devastating, Heartbleed was among the worst vulnerabilities made public, and possibly the worst vulnerability ever disclosed.

FedRAMP Releases Updated Logo & FedRAMP Forward

FedRAMP℠ has released its newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.” FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

Countdown to PCI DSS 3.0: Lessons Learned from Early Adopters

As most of us know, the PCI DSS assessment effectively moved from version 2.0 to 3.0 at the beginning of 2014.  The new 3.0 version raises security standards to help organizations focus more on the actual payment security aspect rather than the compliance itself.  Having performed many PCI DSS 3.0 assessments this year, we want to share what we’ve learned from working with these early adopter clients.

Hacking The Holidays: Protect Your Credit Card Information

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas. While the holidays are generally a time of joy and giving, they can also bring their share of troubles. It is during these times that people most often let their guard down. In the search for the best deal, or the perfect gift, people will often overlook or forget about Internet safety precautions.

Vendor Due Diligence & Contract Review: Getting Your Regulatory & Compliance Requirements in Order for the New Year

Most people make their New Year’s resolutions on New Year’s or just after it. But when it comes to regulatory and compliance requirements, all companies should be looking to make their resolutions in the fall. Take a cue from retail. As we walk through a mall, it’s not even Thanksgiving but the holiday decorations are already out. Right now is the time to take a preemptive strike on your regulatory and compliance needs. So many of our clients contact us in the fall and forget about the regulatory and compliance requirements that they contractually have with a particular vendor or customer. This is why fall is always a busy time for us at A-LIGN as we deliver on our clients’ needs, wants and expectations.
