Ransomware attacks are occurring more often, have become more harmful and now cost businesses a great deal of resources. A-LIGN’s 2022 Benchmark Report showed that of those surveyed, only 39% of organizations have a plan in place, whereas 40% are “planning to develop” something in the future, and 10% said they don’t view ransomware as a main cybersecurity concern. This gap is leaving businesses vulnerable to attacks. To help you best prepare for a cybersecurity event, we break down what goes into a ransomware preparedness assessment.

Contact A-LIGN to learn more about our one-of-a-kind Ransomware Preparedness Assessment.
How SOC 2 and ISO 27001 Create Business Value for Your Organization
For many, compliance is more than a legal necessity. More and more organizations now use compliance management as a way to create business value.
In our 2022 Compliance Benchmark Report, we surveyed more than 700 cybersecurity, IT, quality assurance, internal audit, finance, and other professionals about their compliance programs. Our findings indicated that an increasing number of organizations are now using SOC 2 reports and ISO 27001 certifications as a way to increase revenue and win new business.
The factors driving compliance programs
When we asked survey respondents about the key factors driving their organization’s compliance programs, the top three responses were:
- Increase revenue / win new business
- Meet board and C-level mandates
- Fulfill regulatory requirements
It’s no surprise that C-level mandates and regulatory requirements are top drivers of compliance programs. Executives and board members are legally required to oversee their organizations’ compliance programs and to routinely take action to mitigate compliance risks. In addition, several industries are legally required to abide by certain standards. HIPAA, for instance, is a federal law designed to ensure the security of healthcare patient data. Among our survey respondents, 56% were either planning or already in the process of gaining HIPAA compliance, and 32% deemed HIPAA one of their business’s most important services.
A whopping 63% of the organizations surveyed have conducted an audit or assessment to help increase revenue or drive new business. Organizations are continuing to take note of the strategic advantage compliance offers — as customers are increasingly concerned about cybersecurity risks and emboldened to ask partners for assurances that their data and information is secure.
Our team looked into what report or certification helps close the most deals and saw that SOC 2 is the most requested report or certification. That may be the reason why more than two-thirds of our survey respondents (67%, to be exact) said they were either currently completing a SOC 2 audit or had one scheduled within the next year.
The value of SOC 2 and ISO 27001
Applicable to all industries, SOC 2 and ISO 27001 are two of the most effective cybersecurity frameworks. Pursuing a SOC 2 report or an ISO 27001 certification (or both) can help increase trust with customers, prospects, and partners.
A SOC 2 audit is performed to verify that an organization can securely manage its data and protect the privacy of both the organization and its clients. Most customers and partners want to know what steps an organization is taking to protect their data, and they want to see that those processes have been validated by a trusted, independent auditor.
Our experts recommend proactively completing a SOC 2 audit before a customer asks to see a report. Scheduling an audit and having a report on-hand when a prospect asks for one will prevent you from delaying important deals.
ISO 27001 is an international standard that organizations are certified against to demonstrate they have an effective cybersecurity program in place. The standard focuses on data confidentiality, integrity, and availability. Holding an ISO 27001 certification showcases your organization’s commitment to data protection.
By building a culture of information security and diligence, organizations can reduce security incidents through implemented controls that are specific to their unique risks. Customers and partners will also feel more at ease entering a deal where the organization they want to work with has proven their dedication to risk management.
Unlock revenue through compliance
Cyberattacks remain on the rise and, despite looming economic uncertainty, organizations will continue to invest in partners who prove their commitment to cybersecurity. That’s why compliance audits and attestations continue to be a valuable differentiator for organizations looking to woo new clients — or simply protect their own data and information.
A-LIGN is the top issuer of SOC 2 reports in the world, having completed over 5,000 assessments for organizations across the country. We are also an accredited ISO 27001 certification body and can assist your company in leveraging compliance audits to strategically position you for success with customers and prospects.
Want to unlock revenue through compliance? Contact A-LIGN today!
Get started by downloading our ISO 27001 checklist.
A-LIGN’s Mike Herdegen Named Tampa Bay Business Journal’s 2022 CIO of the Year Honoree
Chief Technology Officer at A-LIGN Recognized as a Top Tampa Bay Executive in Information Technology
A-LIGN, the leading cybersecurity compliance and audit firm, today announced that the company’s Chief Technology Officer, Mike Herdegen, has been named a 2022 CIO of the Year honoree by the Tampa Bay Business Journal. This award recognizes top information technology executives and emerging leaders in Tampa Bay who are using innovative ways to create a competitive advantage and grow their companies.
Tampa Bay Business Journal’s CIO of the Year awards program is the most prestigious recognition of Tampa Bay’s top IT leaders and executives. CIOs and CTOs play a critical role in corporate success as technology continues to be a driving factor in operational success in the Tampa Bay business world. The roles of these executives expand and evolve daily, spanning IT infrastructure, platforms, and cybersecurity as well as hardware and software development.
Herdegen is responsible for internal IT operations, ensuring A-LIGN operates against the highest standards for security in protecting information and system integrity. He also oversees the development of A-LIGN’s compliance management platform, A-SCEND, which enables customers to streamline their audits, save time and resources through automation, and demonstrate their security posture year-round.
“One of the reasons I came out of retirement to join A-LIGN was because of the organization’s values. A-LIGN has a culture of collaboration, expertise, integrity, and vision,” said Mike Herdegen, CTO at A-LIGN. “The A-SCEND features we are currently rolling out include market-leading new capabilities that keep pace with the rapidly-evolving expectations of our customers. At A-LIGN, support means exceptional service for our clients and opportunities for our employees, and we focus on people and technology to achieve both.”
The Tampa Bay Business Journal selected 2022 CIO of the Year honorees based on: accomplishments, leadership efforts, ethics in management and business practices, philanthropic contributions and involvement, significant projects spearheaded during the pandemic and over the past year, and how such initiatives have strengthened the company’s strategic market position.
Herdegen’s team of over 50 domestic and international IT professionals and developers has reimagined the A-SCEND product, turning it from an internal-facing audit tool into an external-facing solution that scales the organization’s footprint in the market as a leader in the cybersecurity service industry. The SaaS platform is purpose-built to support end-to-end cybersecurity audits through the entire compliance process.
With an innovative single-provider, readiness-to-report approach, Herdegen’s primary goal over the last year and a half has been to transform A-SCEND into a cybersecurity platform that assists over three thousand clients in their compliance initiatives, and allows their audits to be as streamlined and successful as possible.
Outside of A-LIGN, Herdegen serves as the primary information technology resource at Think Big for Kids, helping underprivileged youth discover their untapped potential by bringing them exciting career exploration, mentorship, and skill development opportunities. Additionally, Herdegen is on the Tampa Bay Estuary Program’s (TBEP) Community Advisory Committee, responsible for judging the grants provided by TBEP and facilitating grant decision meetings.
To learn more about the team at A-LIGN, please visit our website.
For more information about TBBJ’s CIO of the Year honorees, awards, and programs, visit https://www.bizjournals.com/tampabay.
About A-LIGN
A-LIGN is the only end-to-end cybersecurity compliance solutions provider that pairs readiness-to-report compliance automation software with professional audit services, and it is trusted by more than 3,300 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider, holistic approach: it is a licensed CPA firm for SOC 1 and SOC 2 audit services, an accredited ISO 27001, ISO 27701 and ISO 22301 certification body, a HITRUST CSF Assessor firm, an accredited FedRAMP 3PAO, a candidate CMMC C3PAO, a PCI Qualified Security Assessor Company, and a PCI SSC registered Secure Software Assessor Company. Working with growing businesses to global enterprises, A-LIGN’s experts and its compliance automation platform, A-SCEND, are transforming the compliance experience.
Media Contact:
Danielle Ostrovsky
Hi-Touch PR
410-302-9459
Zero trust is an important part of President Biden’s Executive Order (EO) on Improving the Nation’s Cybersecurity, issued in May 2021, and will continue to gain popularity as an effective cybersecurity approach. It focuses on restricting information access within an organization to only those who absolutely need to access the data. The entire point of zero trust is to assume that everyone is a potential threat actor; therefore no user or system, internal or external, is trusted by default.
In our 2022 Compliance Benchmark Report, we surveyed more than 700 cybersecurity, IT, quality assurance, internal audit, finance, and other professionals about their compliance programs. Here’s what we learned about how organizations are implementing zero trust strategies.

To learn more about strategically implementing a zero-trust architecture within your organization, complete our form below and one of our trusted experts will reach out directly.
A-LIGN’s A-SCEND Compliance Automation Platform Wins 2022 SC Media Excellence Award
A-SCEND Compliance Automation Software Selected as Winner in the Best Regulatory Compliance Solution Category
Tampa, Florida – August 22, 2022 – A-LIGN, the leading cybersecurity compliance and audit firm, today announced that A-SCEND has won the 2022 SC Awards in Excellence for Best Regulatory Compliance Solution. The announcement was made today as part of SC Media’s 2022 SC Awards coverage. The industry awards program is cybersecurity’s most prestigious and competitive program, recognizing the solutions, organizations, and people driving innovation and success in information security.
“We’re proud to be recognized for the innovation we are providing to the cybersecurity compliance industry with A-SCEND, the only end-to-end cybersecurity compliance solution designed to meet organization’s audit needs from readiness to report,” said Scott Price, CEO at A-LIGN. “We will continue to innovate through A-SCEND in ways that make compliance faster and easier for our global clients.”
Now in its 25th year, the 2022 SC Awards were the most competitive to date, with a record 800 entries received across 38 categories, expanding its recognition program to include several new award categories that reflect the shifting dynamics and emerging industry trends. Excellence Award winners were selected by a world-class panel of industry leaders from sectors including healthcare, financial services, manufacturing, consulting, and education, among others.
“The information security needs of organizations are dynamic, and a simple buy-sell relationship with a vendor will rarely be good enough,” said Jill Aitoro, senior vice president of content strategy at CyberRisk Alliance and editor in chief of SC Media. “The Excellence Award winners demonstrate they understand that their responsibility to customers goes well beyond the sale of a product or service.”
About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, SecurityWeekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, and the peer-to-peer CISO membership network, Cybersecurity Collaborative.
A SOC 2 report is a third-party validation that attests to an organization’s ability to protect data and information. It’s widely accepted across industries and provides a singular asset that can be used in the due diligence process with multiple prospects and customers — replacing the need to undergo a custom cybersecurity audit with each new customer.
To obtain a SOC 2 report, a company must submit to an audit in which assessors evaluate the internal controls used to secure information, along with the systems, technology, and staff roles within the organization. Although some organizations tout that they can complete this process in two weeks, experienced CPAs repeatedly state that 14 days is simply not enough time to properly and thoroughly complete all aspects of the SOC 2 audit process.
In this blog, we’ll review each step of the SOC 2 audit process and explain how long each aspect of the audit process takes. This piece is meant to serve as a general guideline, as audit timelines can vary significantly based on the size of a company and the complexity of its environment and services.
Step 1: Find the Right Partner and Team
The first step toward completing a SOC 2 audit is to engage with an audit partner. It’s important to note that SOC 2 audits are regulated by the AICPA and reports can only be generated by an external auditor from a licensed CPA firm — like A-LIGN. Once you engage with a partner, there will be some preliminary discussions to define the scope of the project and sign a contract.
If this is your first time pursuing a SOC 2 report, we highly recommend completing a SOC 2 readiness assessment to examine any gaps in controls or processes prior to an official audit. This can help you save time (and money) before undergoing the bulk of the SOC 2 audit process.
Once you’re ready to officially proceed, contracts will be signed and the official engagement will begin. At that point you will be introduced to your SOC audit team. At A-LIGN, SOC 2 audit teams typically consist of a senior manager, manager, and auditor.
Senior managers and managers act as primary points of contact during preliminary discussions. Auditors take over as the point person when it’s time for walkthroughs, testing, and evidence review. All three of these roles work together throughout the entire audit to ensure you are supported and informed every step of the way. Through the A-SCEND platform, clients have direct access to the audit team to flag issues, ask questions, and submit evidence in real time. The tool helps companies stay organized throughout the audit process and maintain a clear understanding of what is required.
Step 2: Information Requests
Estimated Timeline: 2-3 Business Days
First your audit team will generate an Information Request List (IRL) for your organization. This list of essential information is based on:
- The prior year’s report (if you have completed the SOC 2 process before)
- The scope
- The trust services criteria
- Other factors determined during the scoping phase (e.g., new technology, locations, third-party services being leveraged, cloud hosting services, etc.)
When partnering with A-LIGN, your audit team will publish this list for you through the A-SCEND platform. A-SCEND is an audit and compliance management software tool that streamlines the audit process: it keeps all evidence requests in one place, tracks your audit’s progress, automates your readiness assessment, and consolidates information for any future compliance audits you may want to pursue.
After the IRL has been published, there will be a call with the SOC audit team to re-confirm the timing and scope of the project.
Step 3: Evidence Collection for a SOC 2 Audit
Estimated Timeline: Varies
Depending on the scope of the audit, the time it takes for evidence collection can vary. To expedite the process, clients can use automated evidence collection (AEC) and the Policy Center with the A-SCEND platform.
Evidence collection can be a time-intensive process. Many experts recommend using compliance software tools to reduce the time required and make the process more efficient. At A-LIGN, we encourage clients to use our tool, A-SCEND. Our software automatically collects evidence via cloud integration APIs. Once the evidence is collected, it is transformed into readable reports that are automatically mapped to the corresponding evidence requests from the IRL. This process reduces the effort, time, and resources required to provide evidence.
If the need for a SOC 2 report is urgent, the collection period can be shortened. If you anticipate this will be the case for your company, it’s important to be prepared. Consider gathering essential materials prior to your kick-off call with your audit partner so everything is organized in one place. We also recommend you make sure you have staff resources assigned to assist with the SOC 2 process ahead of time, so you can reduce the risk of other internal priorities cutting into your SOC 2 efforts.
Step 4: Fieldwork
Estimated Timeline: 2-6 Weeks
Once evidence collection is complete, fieldwork (formal walkthroughs of your environment) will officially begin. The goal of this phase is to gain an in-depth understanding of your organization’s controls, processes, and procedures related to people and technology. The length of fieldwork will vary depending on the scope, locations, applications, and trust services criteria. Generally, you can expect this phase of the SOC 2 audit process to last between two and six weeks.
Step 5: The SOC 2 Report
Estimated Timeline: 3 Weeks
After completing the walkthroughs and testing, the SOC audit team will generate a SOC 2 report for your company. The SOC 2 report comes in two parts:
- Draft: You’ll receive a draft report within three weeks of completing the fieldwork, sometimes earlier depending on deadlines and the complexity of the scope. During this draft report phase, you’ll have the opportunity to review the assertion, opinion, system description, and testing of the controls. If necessary, you can provide feedback or ask questions of the audit team. Once the draft report is approved internally, you’ll sign a management representation letter and notify your SOC 2 team that they can proceed with the final report.
- Final Report: One to two weeks after the draft has been approved, you’ll receive a final report with any updates or clarifications requested in the draft phase.
Partner with A-LIGN to Begin Your SOC 2 Audit Journey
Founded in 2009, A-LIGN is the top issuer of SOC 2 audits in the world. We have completed over 5,000 SOC 2 assessments and can confidently say that a proper SOC 2 audit takes at least eight weeks to complete. In planning for your SOC 2, beware of the “14-day audit” promise — this is likely only referring to the audit readiness timeline. At A-LIGN we provide the tools and expertise to help you during every step of the SOC 2 audit journey — from readiness to report.
Ready to pursue a SOC 2 audit for your business? Speak to an expert at A-LIGN to get started.
A-LIGN Named on Inc. 5000 List of Fastest Growing Companies for Sixth Consecutive Year
With Three-Year Revenue Growth of 145 Percent, A-LIGN Receives Ranking No. 3569 Among America’s Fastest-Growing Private Companies
A-LIGN, the leading cybersecurity compliance and audit firm, announced today that the company is No. 3569 on the annual Inc. 5000 list, the most prestigious ranking of the fastest-growing private companies in America. This is the sixth consecutive year the company has been recognized on the list, which represents the most successful private companies with a proven track record of growth. The list represents a one-of-a-kind look at the most successful companies within the economy’s most dynamic segment—its independent businesses. Facebook, Chobani, Under Armour, Microsoft, Patagonia, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.
“We are honored that A-LIGN has received its ranking on the 2022 Inc. annual list 5000 as No. 3569,” said Scott Price, CEO at A-LIGN. “We are incredibly proud that our outstanding team is once again recognized among America’s fastest growing private companies. It is truly an honor to be named by the prestigious Inc. magazine alongside these incredible businesses. I am deeply moved by the commitment and dedication of the entire team at A-LIGN, and look forward to the coming months as we continue to provide premier technology paired with expert professional services to our global clients.”
The companies on the 2022 Inc. 5000 have not only been successful, but have also demonstrated resilience amid supply chain woes, labor shortages, and the ongoing impact of Covid-19. Among the top 500, the average median three-year revenue growth rate soared to 2,144 percent. Together, those companies added more than 68,394 jobs over the past three years. Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found at www.inc.com/inc5000.
“The accomplishment of building one of the fastest-growing companies in the U.S., in light of recent economic roadblocks, cannot be overstated,” says Scott Omelianuk, editor-in-chief of Inc. “Inc. is thrilled to honor the companies that have established themselves through innovation, hard work, and rising to the challenges of today.”
About A-LIGN
A-LIGN is the only all-in-one cybersecurity compliance company with end-to-end compliance automation software and auditor expertise, trusted by more than 3,300 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 auditor, an accredited ISO 27001, ISO 27701 and ISO 22301 certification body, a HITRUST CSF Assessor firm, an accredited FedRAMP 3PAO, a candidate CMMC C3PAO, a PCI Qualified Security Assessor Company, and a PCI SSC registered Secure Software Assessor Company. Working with small businesses to global enterprises, A-LIGN’s experts and its compliance automation platform, A-SCEND, are transforming the compliance experience.
More about Inc. and the Inc. 5000
Methodology
Companies on the 2022 Inc. 5000 are ranked according to percentage revenue growth from 2018 to 2021. To qualify, companies must have been founded and generating revenue by March 31, 2018. They must be U.S.-based, privately held, for-profit, and independent—not subsidiaries or divisions of other companies—as of December 31, 2021. (Since then, some on the list may have gone public or been acquired.) The minimum revenue required for 2018 is $100,000; the minimum for 2021 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Growth rates used to determine company rankings were calculated to four decimal places. The top 500 companies on the Inc. 5000 are featured in Inc. magazine’s September issue. The entire Inc. 5000 can be found at http://www.inc.com/inc5000.
About Inc.
The world’s most trusted business-media brand, Inc. offers entrepreneurs the knowledge, tools, connections, and community to build great companies. Its award-winning multiplatform content reaches more than 50 million people each month across a variety of channels including websites, newsletters, social media, podcasts, and print. Its prestigious Inc. 5000 list, produced every year since 1982, analyzes company data to recognize the fastest-growing privately held businesses in the United States. The global recognition that comes with inclusion in the 5000 gives the founders of the best businesses an opportunity to engage with an exclusive community of their peers, and the credibility that helps them drive sales and recruit talent. The associated Inc. 5000 Conference & Gala is part of a highly acclaimed portfolio of bespoke events produced by Inc. For more information, visit www.inc.com.
For more information on the Inc. 5000 Conference & Gala, visit http://conference.inc.com/.
With the cost of cybercrime predicted to hit $10.5 trillion by 2025, many organizations consider enhancing their cybersecurity programs a top priority. One of the most surefire ways to find gaps in protection comes from completing multiple security audits. But with so many potential audits to pursue, it can be difficult to manage multiple workstreams and keep track of varying control elements.
Audit consolidation — or, conducting audits in tandem as a singular annual event — is one way that organizations can maximize efficiency.
Our 2022 Compliance Benchmark Report takes a deeper look into organizations’ views on audit consolidation. We surveyed more than 700 cybersecurity, IT, quality assurance, internal audit, finance, and other professionals about their audit programs to gain a better understanding of their organization’s position on minimizing risk and maximizing efficiency.
One of the biggest findings we uncovered during our research is that even though 85% of organizations conduct more than one audit every year, only 15% of the same organizations have consolidated their audits down to a single, annual event.
Frequent audits can be costly and time-consuming, and some industries would highly benefit from audit consolidation. Our survey found that 37% of IT organizations conduct 4-5 audits per year. We also found that 30% of finance organizations and 35% of government organizations conduct 6 or more audits annually.
By consolidating the auditing process, organizations can work more efficiently, freeing up resources to focus on other aspects of the business. But despite these benefits, not all organizations prioritize streamlining their audit programs.
Consolidation efforts vary by industry
Our survey results found an interesting pattern: certain industries tend to consolidate audits more than others. The healthcare industry is particularly savvy when it comes to audit consolidation, with almost a quarter of healthcare organizations (24%) consolidating audits into a single annual event. This is an increase of 6% from last year, pushing the industry from one of the lowest adopters of audit consolidation to the sector with the highest adoption. With healthcare providers seeing a 117% increase in website/IP security alerts due to malware in the past year, it’s not surprising to see a greater emphasis on security audit efficiency.
The professional services industry now has the lowest percentage of audit consolidation, hovering at 8%.
Audit consolidation minimizes stress
The audit process can be exhausting. Many staff members are often forced to step away from their normal daily responsibilities in order to ensure accurate results during an audit, which requires significant time and energy from every party involved. This reduction of working time can hinder the productivity of the organization.
When asked about the greatest challenge of their audit process, organizations’ top responses were:
- Limited staff resources (27%)
- Tedious and manual evidence collection (21%)
- The complexity of multiple audits (16%)
Even with their challenges known, organizations may still struggle to find solutions. A useful tool for assisting consolidation efforts is compliance management software. This software is capable of:
- Deduplicating evidence collection efforts, allowing organizations to upload a piece of information once and use that information across multiple audits.
- Cross-walking, which is the ability to see how close an organization is to completing additional audits based on the work completed for a current audit.
- Centralizing evidence collection, which saves time by letting you upload evidence before fieldwork with one-click batch processing.
Automation tools and audit consolidation can help minimize internal disruptions, along with eliminating redundancies and identifying gaps in coverage.
Consolidating audits with a Master Audit Plan
The best way to consolidate your audits is by using a master audit plan (MAP). These detailed plans provide an organization with a more effective approach to the auditing process, offering a clear view of scoping, timing, and internal rhythms.
A-LIGN has a systematic and strategic 4-step approach to building MAPs for organizations and helping them complete audit requirements. A-LIGN will:
- Review current practices and define the audit scope
- Create customized timeline recommendations and identify areas of improvement
- Determine and confirm a holistic audit approach
- Deliver an efficient, collaborative, and scalable audit program
Paired alongside A-LIGN’s A-SCEND audit management platform, a MAP can simultaneously consolidate your organization’s audits while also minimizing expenses and improving productivity.
Start building your own MAP
Although organizations usually complete at least one audit per year, there is no limit to the number of audits that can be completed. If your organization conducts more than one audit per year, creating and implementing your own MAP is a strategic investment that will save you time and money.
A-LIGN works with organizations throughout the entire audit process. Our team of experts ensures your MAP grows with your business and operates as a living document that is continuously updated to reflect the evolution of your audit process.
Equip your organization with a MAP to efficiently consolidate audits. Contact one of our experts to get started.
Telemedicine has seen a massive rise in popularity since 2019. But with its rise in popularity amongst patients came more security incidents and breaches, as this new technology became a major target for threat actors.
In fact, with the recent rise in telehealth services, healthcare providers have seen a 117% increase in website/IP security alerts due to malware, along with a 56% increase in endpoint vulnerabilities that enable data theft.
Why such a change? Traditionally, patient care was provided within a healthcare facility, where the equipment used for treatment was physically located on-site and the network, endpoints, and physical access were all under the provider’s control. In that controlled environment, a framework like HITRUST could be applied end to end to protect patient data.
In telemedicine, however, healthcare delivery organizations (HDOs) rely on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM devices run on the patient’s own home network and internet service, and in most cases the encounter is delivered through a third-party video conferencing or telehealth platform as well.
Without adequate privacy and cybersecurity measures for this new normal, unauthorized individuals may expose sensitive data or disrupt patient monitoring services. Even with heightened security concerns, telehealth providers cannot physically enter the homes of all of their patients to verify that adequate cybersecurity measures are in place.
This is why organizations offering telehealth services will benefit greatly from the new NIST (National Institute of Standards and Technology) publication.
The Release of the New NIST SP 1800-30
HDOs do not manage or deploy every privacy and cybersecurity control in the RPM ecosystem themselves (the telehealth platform and the patient’s home environment are outside their direct control), but they remain responsible for ensuring that appropriate controls and risk mitigation are applied.
For the last two years, the National Cybersecurity Center of Excellence (NCCoE), a division of NIST, has been working on guidance for the industry on ensuring the confidentiality, integrity, and availability of patient data in RPM deployments. In February 2022, the final version of NIST Special Publication 1800-30 (NIST SP 1800-30), Securing Telehealth Remote Patient Monitoring Ecosystem, was released.
NCCoE developed NIST SP 1800-30 as a reference architecture that demonstrates how organizations can take a standards-based approach to securing their telehealth and RPM deployments using commercially available cybersecurity tools. Built in collaboration with leading healthcare, technology, and telehealth partners, its overarching goal is to improve privacy and security across the telehealth ecosystem.
This is a big win for the industry because NIST SP 1800-30 will help achieve two major objectives:
- Adding additional support for provider organizations
- Providing guidance on deploying and implementing platforms
Added Support to Provider Organizations
Because telemedicine services grew so rapidly, HDOs have consistently lacked practical guidance on keeping sensitive information safe in this new delivery model.
NIST SP 1800-30 helps provider organizations keep telehealth and RPM systems secure by showing how to deploy effective cybersecurity and privacy controls. It also informs how HDOs should update their security policies and procedures and gives them insight into selecting the right technology vendor to deliver their telehealth services.
Guidance on Deploying and Implementing Platforms
Coming as a relief to many, NIST SP 1800-30 gives platform vendors, application developers, cloud providers, and other third-party service providers guidance on deploying and implementing telehealth technologies. Platforms built to this guidance also make it easier for telehealth organizations to strengthen the safeguards around their data communications.
For the IT professionals who want to implement NIST SP 1800-30, NCCoE has created detailed how-to guides available for download. These guides provide specific product installation, configuration, and integration instructions for building the example implementation shown in the documentation.
Additionally, NIST SP 1800-30 informs HDOs of both the technical and the nontechnical supporting capabilities that medical device cybersecurity depends on, as described in guidance from NIST’s Cybersecurity for IoT program.
What Organizations Should Do Now
If you are a healthcare provider that uses telehealth to care for patients, or a technology company supporting telehealth infrastructure, work with your security and privacy consultants to apply the NIST SP 1800-30 practice guide across your organization.
As a top cybersecurity compliance assessment organization, A-LIGN can help your organization ensure that patient data remains secure. Our experts understand the nuances of NIST control elements and can help you navigate through NIST SP 1800-30.
Contact A-LIGN today to learn more about cybersecurity tools specifically for organizations offering telehealth services.