Cybersecurity compliance experts

Since launching in 2009, A-LIGN has assisted diverse enterprises navigate the complexities of regulatory and business-driven security and compliance. It has done so by providing comprehensive assessments, audits, and cyber risk advisory and testing services. The Tampa, Fla.-based firm employs more than 100 assessors and auditors dedicated to working with clients in business, healthcare and government.

In 2017, A-LIGN was named to the Inc. 5000 list of fastest-growing privately held U.S. companies. With the recent infusion of $54.5 million in growth funding by FTV Capital, it plans to further expand its service offerings, technology platform and expert team to meet increased client demand to streamline cybsersecurity.

According to A-LIGN CEO Scott Price, evolving security frameworks and the continual release of new regulations and compliance requirements necessitate that company executives constantly examine their data privacy practices. "Organizations across all industries are conducting critical assessment and audits not only for mandated compliance, but also to deepen trust among customers and users which has a direct impact on the bottom line," he said.

Mark Sokol, A-LIGN vice president of marketing, added that established and new organizations need to have a third-party review and assess their controls on a variety of technologies. "Whether in the financial and payments space, healthcare, or related to GDPR internationally, companies that work with others, including software and service providers, want that validation," he said.

A-LIGN prides itself on its validated qualifications. It is a CPA firm, Qualified Security Assessor company, accredited ISO 27001 certification body, certified HITRUST Assessor firm and accredited FedRAMP 3PAO. "We're one of a handful or organizations that offer the services we provide for alerting, IT security and compliance," Sokol said.

Portal to compliance

According to A-LIGN, its proprietary A-SCEND platform has received high marks for helping customers streamline the complex audit and certification process via workflow automation, document management and auditing history. "As an assessor who actively engages with our partners to work through these assessments, A-SCEND as a tool, is not only vital, but it's unlike anything I've worked with, and I've worked in the industry for a number of years," said Patrick Sullivan, Senior Consultant at A-LIGN. "This tool actually creates a structure, a system that allows us to partner with our customers to create the assessment as opposed to just demanding cold evidence."

The firm believes that within this framework, it achieves greater consistency in both how data is collected and meeting client expectations, since a collaborative approach pinpoint each client's end goals and provides the steps necessary to achieve them. "When I ask for a specific piece of evidence, they already have the context set up so that the client doesn't have the uncertainty they would normally have with an auditor request," Sullivan said.

Holistic approach to compliance

Entities often mistakenly view compliance as a siloed journey, isolating GDPR without considering the potential operational side effects, for example. A-LIGN's stance on compliance is all encompassing.

"When we start to actively partner, we have an opportunity to hit the brakes, to think about things holistically, and then with that partner, begin focusing on what's most important," Sokol said. "In some organizations, it might be some specific compliance obligation. In others, we might find that there are bigger issues, and we have an opportunity to help bridge gaps that exist."

A-LIGN endeavors to evaluate, direct and monitor all clients according to known industry standards. "We direct or prioritize where effort needs to be focused to remedy any gaps found and generally continuously monitor through the lifecycle of the assessment with our partner," Sokol noted.

While the firm does not offer a channel program, per se, it does offer merchant PCI security standard readiness and compliance assessments, as well as privacy and risk assessments, penetration testing, and mobile and web app testing, among other services.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.