Whitepaper Index

At A-LIGN, our assessors share their knowledge with informative audit and compliance whitepapers. We strive to create and share valuable information from our compliance and security professionals.

Below is a list of informative whitepapers written by our compliance and security experts. Please click on the titles to access and download each whitepaper individually. Read, learn, and contact us here if you have any questions.

  • How to Avoid Common PCI DSS Assessment Pitfalls
    There are a few basic issues that plague many companies when it comes to achieving (and maintaining) compliance with one of the most prescriptive security frameworks in information security: the Payment Card Industry Data Security Standard (PCI DSS). In this whitepaper, A-LIGN’s Michael Barnes (who has over ten years of experience performing PCI DSS assessments) outlines common PCI DSS pitfalls and how to avoid them.

  • What is the Right Audit for Your Title Company?
    While there is no one audit that fits all, nor is there an audit that is currently required within the industry, the answer to the question in the title of this whitepaper is driven by your stakeholders’ requests and your organizational objectives. In this whitepaper, A-LIGN Managing Consultant Blaise Wabo explains the different options available to title companies.

  • “Failed” Your SOC Examination? Here’s Why
    While you technically cannot fail a SOC examination, there are SOC reports with control design or operating deficiencies that result in a modified or qualified audit report opinion. In this whitepaper, A-LIGN Managing Consultant Sue Wells explains the different reasons why this could happen.

  • Outline of Revisions in PCI DSS 3.2
    In light of the release of PCI DSS 3.2, the experienced assessors at A-LIGN have assembled a detailed outline of the changes in PCI DSS 3.2, including implementation timelines, changes to the requirements, changes to the assessment procedures, and notes from our QSAs on points to be aware of.

  • Building HITRUST: Related Frameworks, Scoping and Scoring
    At its core, the HITRUST CSF (Common Security Framework) is built upon other standards and authoritative sources relevant to the healthcare industry, including ISO 27001, NIST SP 800-53, and the HIPAA Security, Breach Notification and Privacy Rules. By compiling these standards, HITRUST is able to align existing controls and requirements from standards, regulations, business and third-party requirements while incorporating compliance and risk management principles.

  • What are the Top Policies and Procedures Needed for a SOC 2 audit?
    The core of SOC 2/AT 101 Examinations is based upon the AICPA’s Trust Services Principles (TSPs). The TSPs require that an organization document its security and operational policies, procedures, and processes so that compliance can be maintained consistently. For your convenience, A-LIGN has compiled the top twelve policies for any service organization to establish when undergoing a SOC 2/AT 101 Examination.

  • How HITRUST Mitigates the Challenges Facing Healthcare
    Healthcare currently faces strict regulatory requirements, which create many challenges when considering the options for risk management and mitigation. To ease these challenges, HITRUST can be implemented to minimize risk and alleviate healthcare pain points.

  • Relevant Audit Selection for Cloud Providers
    We detail the different kinds of audits that are applicable to cloud providers based on the kind of service they deliver: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

  • A-LIGN’s Cybersecurity Defense Guide
    2014 was an eye-opening year for cybersecurity. In this whitepaper, we explore the different attacks that happened that year and give detailed insight into how to protect your organization from attack.