A-LIGN Insights: March 2022

In this issue we announce a new cybersecurity podcast, discuss the launch of PCI DSS 4.0, learn what’s new in ISO 27002:2022 and much more.

SOC 2 for Beginners
Join us on March 30th at 2:00pm ET as Scot Thrower, A-LIGN’s Vice President of Solutions Advisory, discusses how your organization can best achieve SOC 2 compliance, and John Baughman, A-LIGN’s Solutions Advisor, demonstrates how technology can assist with various audits. You won’t want to miss this! Register here.

Featured Content

Preparing for a Cyberwar: What You Should Be Doing Right Now
Every organization needs to be on high alert for cyber-attacks, especially now. Joe Cortese, A-LIGN’s Technical Knowledge Leader and Research and Development Director, breaks down what organizations can do to take a proactive approach to cybersecurity. Learn more.

Celebrating International Women’s Day
In honor of International Women’s Day, Arti Lalwani, A-LIGN’s Risk Management and Privacy Knowledge Leader, was featured in Security Magazine. She shares her thoughts on increasing diversity within the cybersecurity industry. Read Arti’s feature here.

COMING SOON: A-LIGN Knowledge Leaders’ “Compliance Crosswalk” Podcast Launches March 31st
Cybersecurity and compliance industry veterans, and former lead auditors, Arti Lalwani and Blaise Wabo discuss the intersection of security, privacy and compliance. Topics will include guest interviews with industry experts, the latest updates to security frameworks, the business implications of compliance (and non-compliance), and discussions about compliance challenges, tips and tricks. New episodes will launch the last Thursday of each month, with occasional special features. Click here to tune in on March 31st for our first episode.

SOC 2: Type 1 or Type 2?
Do you know if you need a SOC 2 Type 1 or Type 2 report? Alex Welsh, one of A-LIGN’s experienced auditors, walks you through the difference between a Type 1 and Type 2 report to understand which is best for your organization. Learn more.

Understanding Federal Supply Chain Risk Management
Is your organization up to date in its supply chain risk management practices? It’s crucial regardless of industry, and especially if you touch the federal supply chain. Read our new blog by Tony Bai, A-LIGN’s Federal Practice Lead, to learn why. Read more.

15 Ways to Prevent Data Breaches in Your Organization
Did you know the cost of a data breach increased 10% in the past 12 months, the highest increase in the last seven years? Joe Cortese, A-LIGN’s Technical Knowledge Leader and Research and Development Director, reviews 15 ways your organization can better protect itself against data breaches caused by human error. Learn how.

Does My European Business Need a FedRAMP Assessment?
FedRAMP isn’t just for U.S.-based companies: a growing number of European CSPs have been leveraging our services to achieve FedRAMP ATO status. Huw Pegler, A-LIGN’s VP of European Sales, reveals how to determine if your global business needs FedRAMP. Read more.

Compliance News

PCI DSS 4.0 Announcement
The PCI Security Standards Council has confirmed that PCI DSS 4.0 is on track to be released to the public at the end of March. Will your organization be required to complete a 4.0 assessment this year? The answer is ‘no’. The PCI DSS 3.2.1 standard will remain a valid standard until March of 2024. Organizations may choose to undergo a 4.0 assessment later this year, but that will be at the customer’s discretion at the beginning of their engagement. We will begin discussing the changes related to PCI DSS 4.0 once it’s released to the public and no longer under NDA. New requirements created in PCI DSS 4.0 will be a best practice until 2025, so there is time before you are required to meet the major changes. Keep an eye out in the next few months, as we will release more information to help organizations make an educated decision between PCI DSS 3.2.1 and PCI DSS 4.0.

What’s New with ISO 27002:2022?
ISO 27002 has been updated, but companies don’t have to worry about compliance issues just yet. Arti Lalwani, A-LIGN’s Risk Management and Privacy Knowledge Leader, provides the information you need to know about the revised standard. Learn what’s new.

Understanding the New FedRAMP Rev 5 Baselines
Are you a cloud services provider looking to do business with the Federal government? You need to read this important update about the new FedRAMP Rev 5 baselines, provided by A-LIGN’s Federal Practice Lead, Tony Bai. Read now.

4 Reasons Your Organization Should Consider HITRUST i1 Certification
An official certification to prove that your organization follows the latest security best practices can be highly valuable in the eyes of your customers, partners, and prospects. Blaise Wabo, A-LIGN’s Healthcare and Financial Services Knowledge Leader, discusses how HITRUST i1 fills that need, plus three other reasons to consider this new certification. Learn more.

Updated FedRAMP Readiness Assessment Report Guide for 3PAOs – a Summary
FedRAMP recently updated its guidance for 3PAOs preparing Readiness Assessment Reports (RARs). Tony Bai, A-LIGN’s Federal Practice Lead, provides a summary of the exhaustive guide. Read more.

In Case You Missed It

Federal Compliance 101: FedRAMP, FISMA, NIST & CMMC
Government agencies are starting to make significant changes to their cybersecurity posture in response to President Biden’s cybersecurity-focused executive order (EO), issued May 2021. You’re probably wondering what your organization needs to do in order to ensure you are meeting federal compliance needs and addressing the new EO. Watch our Federal Practice Lead, Tony Bai, explain federal assessments and why they are important for your organization. Watch Tony’s webinar here.

A-SCEND Tip of the Month

A-SCEND’s “How to” Video Series: The Engagement Dashboard
In his latest video, Michael Darmanin, A-SCEND’s Senior Technical Support Analyst, shares the ins and outs of A-SCEND’s simple-to-read engagement dashboard. He also walks viewers through A-SCEND’s crosswalk, a particularly useful feature as it reveals how close you are to completing additional certifications, ultimately saving time and resources. Learn more about A-SCEND’s dashboard here.

A-LIGN Team Spotlight

A-LIGN's Featured CLIMBER Miguel Saavedra

Meet Miguel Saavedra
Senior Consultant
“Cybersecurity audits have become a non-negotiable because everything is becoming more and more technology based, especially with the recent pandemic. The risk is getting bigger, and we need to mitigate the risks from every direction we can for our clients.”
Learn more.