Posts

Federal Compliance 2022: CMMC 2.0, StateRAMP, FedRAMP & Beyond

With the recent unveiling of CMMC 2.0, the expanded presence of StateRAMP, and new FedRAMP advisory guidelines for external servers, it’s safe to say that 2022 has a lot in store for Federal compliance changes. Tony Bai, A-LIGN’s Federal Practice Lead, and Emily Cummins, Anitian’s Director of Cloud Security, had a chance to sit down and discuss the latest news in federal compliance and what it could mean for your organization. Let’s dive in and get their thoughts on the latest CMMC 2.0 introduction, the new FedRAMP authorization boundary guidance, StateRAMP and more!

CMMC 2.0

Like everyone else in the world of federal compliance, A-LIGN and Anitian have been closely tracking the Cybersecurity Maturity Model Certification (CMMC) since the U.S. Department of Defense (DoD) shared its initial draft of the model in early 2020. With the release of CMMC 2.0, three major changes were recently announced: fewer security tiers, removing some third-party assessment requirements, and allo...

HITRUST Assurance Advisory Adds Strategic Scoping Factors

Even though compliance is an ongoing process, each individual assessment has its own lifecycle, which begins with a self-assessment of scoping factors. This can be a tedious process to complete for every audit, especially if the same questions get asked more than once, or continue to show up in assessment requirements. Fortunately, HITRUST has introduced a strategic approach to its scoping factors, which it announced in its Assurance Advisory: 2020-003. HITRUST made multiple changes to its scoping factors, streamlining the audit process by mapping scoping factor questions to assessment requirements – eliminating unrelated requirements. The scoping factors now include additional context for questions to avoid the typical back-and-forth that could occur during QA of the assessment. This Assurance Advisory is set to minimize unrelated requirements when a scoping factor is marked “no” and to curtail the constant flow of “this is not applicable because…” responses currently captured in H...

How European Companies Can Best Market Compliance Programs

Is your organisation getting maximum value from its compliance program? Each compliance report or certification you possess is more than just a document — it’s an affirmation to your customers, prospects, and partners that your company understands the importance of cybersecurity and is fully capable of safeguarding sensitive information. To spread the word about the assessments that have been completed and what they actually mean, your organisation needs to identify and leverage all available opportunities to market your compliance program and drive new revenue into the business. Whereas companies in the U.S. — especially in the tech industry — can be quite enthusiastic about promoting their various certifications and achievements, organisations in Europe tend to be a bit more subdued when it comes to compliance marketing. Read on to explore the top tips you should be using to market your unique competitive advantage: compliance.

Publish a Press Release

The press release is a cornersto...

The A-LIGN Advantage: Unify Your Audit Experience

The emergence of automated security and compliance solutions still leaves organizations with a problem: these point solutions are unable to provide independent third-party certification. Preparation is a key component of a successful audit, but it is only the first step. A-LIGN is transforming how organizations demonstrate compliance by combining its compliance management platform, A‑SCEND, with its years of audit experience through a single-provider approach – from audit readiness to certification, across multiple security frameworks. An audit encompasses readiness, evidence collection, fieldwork, reporting, and certification. Investing in readiness software alone creates a “last mile” problem, meaning that an organization will still need to invest time and money in an additional service provider to complete its audit. There is a management adage that “a failure to plan is planning to fail,” but when a solution is only focused on preparation then an organization may experien...

Five Best Practices for Compliance Management

As we enter the home stretch of 2021, many organizations are reflecting on this past year and synthesizing lessons learned to inform a more focused and effective business strategy moving forward. Our 2021 Compliance Benchmark Report provided significant insights on how organizations are navigating the current compliance landscape, as well as how they are preparing for the future. By surveying more than 200 cybersecurity, IT, quality assurance, internal audit, finance, and other professionals, we discovered a great deal about what makes compliance programs run smoothly and efficiently, and where there may be areas for improvement for businesses of all sizes and across all industries. Here are five compliance management best practices gleaned from the 2021 Compliance Benchmark Report that you can use to improve your organization’s compliance program.

Best Practice #1: Combine Audits for Greater Efficiency

One of the standout findings from our Compliance Benchmark Report was the revelat...

3 Compliance Factors Your European Business Should Consider

In 2021, we saw an increase in international expansion and in the need for compliance certifications, and big changes in the privacy landscape. As we near the end of the year, European organisations should be thinking ahead to the compliance challenges and opportunities that are coming in 2022. It’s always best to be proactive in strategising for future regulations, standards, and policies — even if you feel your business is currently running with all systems fully operational. Here are a few of the changes, trends, and predictions in the world of European business that I believe will make a big difference throughout 2022.

GDPR and the New Standard Contractual Clauses (SCCs)

Last year’s court ruling that the EU–U.S. Privacy Shield framework is no longer a valid data transfer mechanism under the General Data Protection Regulation (GDPR) brought about new standard contractual clauses (SCCs), which were approved in June 2021. These were introduced to replace the old SCCs (last updated in 2010) ...