Compliance

Work for It: Earning Our Clients’ Business

Author: Scot Thrower, Business Development Manager at A-LIGN

Feeling stuck in a relationship with your current audit and security solutions provider? It doesn’t have to be that way! A-LIGN provides compliance solutions without multi-year contracts or strings attached. While other providers lock you into costly, multi-year contracts…

Read More

An Overview of the HITRUST CSF and Related Frameworks

The HITRUST CSF is a comprehensive, certifiable security framework that harmonizes requirements from HIPAA/HITECH, ISO 27001, NIST SP 800-53, COBIT and PCI DSS into a single set of controls. The HITRUST CSF provides an integrated, prescriptive framework that works with the needs…

Read More

Vendor Due Diligence & Contract Review: Getting Your Regulatory & Compliance Requirements in Order for the New Year

Most people make their New Year’s resolutions on New Year’s Day or just after it. When it comes to regulatory and compliance requirements, however, companies should make their resolutions in the fall. Take a cue from retail: walk through a mall and the holiday decorations are out before Thanksgiving. Now is the time to get ahead of your regulatory and compliance needs. Many of our clients contact us in the fall having forgotten the regulatory and compliance requirements they are contractually obligated to meet for a particular vendor or customer. That is why fall is always a busy time for us at A-LIGN as we deliver on our clients’ needs, wants and expectations.

Read More

PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate

By: Gene Geiger, Partner at A-LIGN

Following the 36-month lifecycle the PCI Security Standards Council (“Council”) has established for its published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before its release on November 7, 2013. Through several webinars and documents provided to stakeholders, the Council has shared information on the final draft in order to receive feedback at the 2013 Community Meeting, to be held in Las Vegas September 24 to 26. The core twelve requirements remain the same, but after reviewing the changes and guidance the Council has provided, the move to Version 3.0 is more comprehensive than previous version changes. Because of the impact of these changes and the time it may take to fully comply with Version 3.0, Version 2.0 may continue to be used for assessments until December 31, 2014. Nonetheless, the Council encourages adoption of Version 3.0 as soon as practical.

Read More

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement on applying the Payment Card Industry Data Security Standard (“PCI DSS”) requirements in the cloud. The supplement is intended to help merchants and cloud service providers (“CSPs”) maintain PCI DSS compliant environments and to guide the Qualified Security Assessors (“QSAs”) tasked with performing the validation assessments.

Read More

Bundling your Compliance Needs

At A-LIGN we continue to develop our service offerings to better meet our clients’ needs. If you are required to comply with multiple standards, we offer bundled engagements that take advantage of the overlap between them, so you deal with one audit firm for all of your compliance needs. This reduces the overall impact of the audit on your organization while also reducing engagement fees.

Read More

A-LIGN Security and Compliance Services To Present Webinar, “Reducing Audit Impact by A-LIGNing PCI DSS, SOC 1 & 2 Requirements”

Gene Geiger, Director at A-LIGN Security and Compliance Services, will present a webinar sharing practical recommendations for improving overall audit efficiency, leading to reduced audit impact, audit costs and audit fatigue. The presentation will take place on April 18, 2012 from 1-2 pm EST. All individuals/organizations are…

Read More

Evaluating Managed Service Providers’ PCI DSS Compliance

You need a managed service provider to outsource information technology services for your organization, and because you are in the payment card industry, the provider will need to be PCI DSS compliant. So you Google the service you need, compile a list of possible vendors, review their websites and spot that critical PCI DSS logo, so you are good to go, right? Maybe. The PCI Data Security Standard (“DSS”) is a set of information security requirements published by the PCI Security Standards Council (“SSC”) for companies that store, process or transmit cardholder data. It comprises twelve requirements that an organization must meet to be PCI DSS compliant. When considering PCI DSS compliant service providers, it is critical to understand which of their service offerings have been validated as PCI DSS compliant and which requirements were included in the assessment; a logo on a website shows neither. Ask for the provider’s Attestation of Compliance (AOC), which records the services that were assessed and the requirements covered, and confirm that the specific service you intend to buy is listed. If I had a nickel for every time a client said “they are PCI DSS so we are OK” I could buy a gallon of gas.

Read More