At A-LIGN, our assessors share their knowledge with informative audit and compliance whitepapers. We strive to create and share valuable information from our compliance and security professionals.
Below is a list of informative whitepapers written by our compliance and security experts. Please click on the titles to access and download each whitepaper individually. Read, learn, and contact us here if you have any questions.
- How to Avoid Common PCI DSS Assessment Pitfalls
A few basic issues plague many companies when they attempt to comply with (and maintain compliance with) the most prescriptive security framework in information security: the Payment Card Industry Data Security Standard (PCI DSS). In this whitepaper, A-LIGN’s Michael Barnes (who has over ten years of experience performing PCI DSS assessments) will outline common PCI DSS pitfalls and how to avoid them.
- What is the Right Audit for Your Title Company?
While there is no one audit that fits all, nor is there an audit that is currently required within the industry, the answer to the question in the title of this whitepaper is driven by your stakeholders’ requests and your organizational objectives. In this whitepaper, A-LIGN Managing Consultant Blaise Wabo explains the different options available to title companies.
- “Failed” Your SOC Examination? Here’s Why
While you theoretically cannot fail a SOC examination, there are SOC reports that have control design or operating deficiencies, which result in the audit report opinion being modified or qualified. In this whitepaper, A-LIGN Managing Consultant Sue Wells explains the different reasons why this could happen.
- Outline of Revisions in PCI DSS 3.2
In light of the release of PCI DSS 3.2, the experienced assessors at A-LIGN have assembled a detailed outline of the changes in PCI DSS 3.2, including implementation timelines, changes to the requirement, changes to the assessment procedure, and notes from our QSAs to be aware of.
- Building HITRUST: Related Frameworks, Scoping and Scoring
At its core, the HITRUST CSF (Common Security Framework) is built upon other standards and authoritative sources relevant to the healthcare industry, including ISO 27001, NIST SP 800-53, and the HIPAA Security, Breach and Privacy rules. In compiling these standards, HITRUST is able to align existing controls and requirements from standards, regulations, business and third-party requirements by incorporating compliance and risk management principles.
- What are the Top Policies and Procedures Needed for a SOC 2 audit?
The core of SOC 2/AT 101 Examinations is based upon the AICPA’s Trust Services Principles (TSPs). The TSPs mandate that an organization have information documented regarding their security and operational policies, procedures, and processes in place for consistent compliance. For your convenience, A-LIGN has compiled the top twelve policies for any service organization to establish when undergoing a SOC 2/AT 101 Examination.
- How HITRUST Mitigates the Challenges Facing Healthcare
Healthcare currently faces strict regulatory needs, causing many challenges when considering the options for risk management and mitigation. In order to ease these challenges, HITRUST can be implemented to minimize risk and alleviate healthcare pain points.
- Relevant Audit Selection for Cloud Providers
We detail the different kinds of audits that are applicable to cloud providers based on the kind of service they provide: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
- A-LIGN’S Cybersecurity Defense Guide
2014 was an eye-opening year with regard to cybersecurity. In this whitepaper, we explore the different attacks that happened and give detailed insight into how to protect your organization from attack.
- Migrating your ISMS from ISO 27001 2005 to 2013
We give a simplified overview of the complex task of transitioning your ISO 27001 program from 2005 to 2013.
- Nine Critical Payroll Pain Points and What Payroll Professionals Should Do About Them?
Professor in residence Dr. Daniel Selby, PhD, CPA, CISA, created this whitepaper to address specific pain points in the payroll industry and how they can be overcome.