The Green Sheet Online Edition
April 10, 2017 • Issue 17:04:01
Secure portal for real-time security audits, compliance
Price and Associates CPAs LLC, doing business as A-LIGN, launched A-SCEND, a compliance portal and dashboard designed to enhance audit and security assessments for the Payment Card Industry (PCI) Data Security Standard (DSS) and other forms of compliance. The portal uses tracking tools to provide business owners with real-time status updates of audit, assessment and compliance activities, company representatives stated.
Established in 2009 by seasoned security experts and executives with experience at major accounting firms, A-LIGN provides security and compliance solutions to leading companies in numerous vertical industries, including payments. Headquartered in Tampa, Fla., with offices in San Francisco, New York, Atlanta, Dallas, Chicago and Salt Lake City, A-LIGN's mission is to help enterprises, distributors and Level 2 merchants simplify and streamline a range of security and compliance activities.
Greg Johnson, Vice President of Business Development at A-LIGN, called the company a one-stop shop for all aspects of security and compliance. "Our philosophy is that compliance doesn't have to be hard," he said. "We designed the A-SCEND portal from the ground up, with technology that makes the audit process more agreeable to our customers."
Secure, evidence/audit management
The A-SCEND portal's dashboard displays real-time status updates throughout the audit process, notifying customers when actions are required. Customers can link directly to documents to submit updates when necessary. Automated information request lists display real-time status updates such as "submitted," "in progress," "action required" and "accepted."
The dashboard is protected by two-factor authentication and offers multiple permission levels, Johnson noted. "When new customers engage with us for an audit, we send log-in credentials and a quick-start guide," he said. "Customers who have been through security assessments appreciate this efficient, collaborative approach that eliminates guesswork from the audit process."
A-LIGN clients receive detailed statements of work with clearly identified milestones to track efficiency and execution, and the company's relationship managers stay in touch with clients, beyond audits, advising on all aspects of security and compliance, Johnson said.
Payment card industry solutions
A-LIGN provides tailored solutions to payments industry stakeholders that are designed to protect cardholder data and enhance service offerings. A-LIGN described the solutions as follows:
- PCI DSS assessment: This process includes comprehensive planning to prepare an organization for on-site fieldwork. The assessment is performed by an A-LIGN Qualified Security Assessor (QSA), validates PCI DSS compliance and results in a report on compliance.
- Facilitated self-assessment: A-LIGN's facilitated Self-Assessment Questionnaire (SAQ) process assists companies with selecting and completing the appropriate questionnaire based upon the organization's payment card processing. This allows A-LIGN's professionals to assess a company's environment and review its policies, procedures and controls to determine compliance with the requirements in the SAQ.
- PCI DSS readiness assessment: This assessment enables an organization to benchmark current processes and controls against the PCI DSS requirements so that it can implement the appropriate requirements prior to the validated assessment.
- Penetration testing: A-LIGN's penetration testing services enable organizations to evaluate security, identify vulnerabilities and proactively remediate weaknesses to prevent malicious attacks. Penetration testing may include technical schemes and socially engineered tests to evaluate network integrity and overall security.
- Vulnerability scans: A vulnerability scan or vulnerability assessment entails running an automated program that looks for vulnerabilities and documents potential exposures, such as unpatched or misconfigured systems or default accounts and passwords.
Additional compliance solutions and services include SOC 1, SOC 2, ISAE 3402, HIPAA, ISO 27001 and HITRUST certifications, Johnson stated, adding that A-LIGN and its QSAs work with leading organizations, ISOs and acquirers and have conducted more than 3,500 successful audits and assessments. "We're seeking to partner with payments acquirers, software developers and independent software vendors that have one or more Level 2 merchants in their portfolios," Johnson said.