A-LIGN

Another successful event hosted by Florida State University and FSU Career Center - thank you for working so hard to reschedule this event and giving us the opportunity to connect with over 2000 students! We met some incredibly talented students AND it was a full circle moment for me as I met Joseph Sperling, HITRUST CCSFP two years ago at Seminole Futures and Will Dunham last year at Seminole Futures and today they were able to come back to campus and attend as an employer. If you weren’t able to make it and want to chat about our open opportunities here at A-LIGN please feel free to reach out to me here. We can’t wait to be back on campus in a few months!

Looking forward to our #FedRAMP Summit this evening in Durham, NC hosted by Diligent, 38North Security, and A-LIGN! There's still time to register! Andy Davidson, Matt Bruggeman, Jeremiah Thompson, and Chris Davis ... the amount of combined FedRAMP experience in the room will be mind boggling 🤔

One of the more seemingly ambiguous aspects of your #ISO42001 #AIMS Certification assessment will be your 3rd Party audit planning and time commitments. Though this process can seem mysterious, your Certification Body (CB) will use #ISO42006 to determine the appropriate audit time (or "auditor-days") needed to complete your assessment with quality. Each assessment relies on specific scoping factors, which directly impact the complexity and depth of the audit. Here are the primary factors involved according to ISO42006: ➡ 1. Complexity of the AIMS: The audit time is influenced by the complexity of the AIMS, including factors like the nature of the data, risk assessment procedures, and management layers involved. ➡2. Impact of the AI System and #Roles Involved: The expected impact of the AI system on individuals or public interests (categorized as high, medium, or low) requires adjustment in audit time. Here, the roles within the AI lifecycle (whether as an AI #provider, #developer, or #user) play a significant part. Each role carries distinct responsibilities and impact potentials, influencing how extensively the audit should evaluate each area. Higher-impact systems, especially those involving providers or developers with broad public influence, require additional attention due to the elevated risk of harm and complexity of operations. ➡3. Organizational Size and Personnel Involvement (#Headcount): The number of personnel engaged in AI lifecycle processes also affects audit time. Headcount, in this context, is determined by the total number of individuals directly involved in developing, deploying, and managing AI systems. This includes both full-time and part-time employees and contractors working on the AI lifecycle, calculated based on their time allocated to AI activities. A larger personnel group within the scope of the AIMS indicates a broader operational scale and requires additional audit effort to ensure comprehensive coverage. ➡4. Extent of Outsourcing and Third-Party Dependencies: Systems with extensive outsourcing or third-party arrangements necessitate extra auditing time to verify that these external entities adhere to the required standards and controls. ➡5. Number of Locations and Disaster Recovery Sites: Organizations with multiple locations or disaster recovery setups need additional audit days, as each location must be assessed to verify consistent compliance across the board. ➡6. Diversity of Technology and Controls: Diverse IT platforms, cloud integrations, and complex control frameworks within the AIMS scope demand more audit days to evaluate each element thoroughly. ➡7. Previous Performance and History of the AIMS: If the AIMS has a history of non-conformance or major changes, this history may lead to additional audit time to ensure all issues are resolved and that there’s alignment with ISO42006 standards. A-LIGN ISO/IEC Artificial Intelligence (AI) #TheBusinessofCompliance #ComplianceAlignedtoYou

Give Official ISACA Denver a Follow for more information on upcoming events, but there's also an Events page over at the Chapter's website, which I'll link in the Comments. Coming up on November 21st, Blaise Wabo, CPA, CISA, CITP, CCSK, CCSFP of A-LIGN will be talking about #CMMC during the ISACA Denver Chapter's *online* monthly meeting. No commute necessary, but you do need to register. Many organizations who've been holding their breath in the years since CMMC was announced have heard recently about the drop of the Final Rule for this standard and are now ready to hear the real deal from an industry-recognized expert. That's Blaise. Hit the link below, then click on the link for the November 21 Chapter meeting to find registration information. Not a member of the ISACA Denver Chapter? What's holding you back? From presentations to webinars to #networking events to free certification training, being a Chapter member is one of the most rewarding communities you can be a part of. #isaca #community #professionaldevelopment

🎙️✨Guiding Organizations on the Next Steps in Their Compliance Journey 7 Minutes on ITSPmagazine Podcasts From HITRUST Collaborate 2024 hosted by Sean Martin An A-LIGN Short Brand Story with Shreesh Bhattarai, CISA, CCSK, HITRUST CCSFP, CHQP In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, I am joined by Shreesh Bhattarai to share his insights on how A-LIGN has become the leading provider of high-quality, efficient cybersecurity compliance programs and provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. 📺 Watch the episode video on YouTube & subscribe to ITSPmagazine Channel here 👇 https://lnkd.in/g-NQsycB 📻 If you prefer to listen to the audio podcast, enjoy it here 👉 https://lnkd.in/g3H5_4MM 🖥️ To learn more about this Brand Story, visit the page here 👇 https://lnkd.in/grvCS7tc #compliance #CyberSecurity #infosecurity #infosec #technology #business cc: Marco Ciappelli ITSPmagazine Podcasts Redefining CyberSecurity Podcast

🌟 We're proud partners of A-LIGN! 🎉 When it comes to becoming compliant and certified, we couldn't do all the work for our clients without the help of our auditors. A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. 🔐 With A-LIGN by our side, we're helping businesses take their cybersecurity to the next level - making sure they meet compliance with confidence and stay ahead of industry regulations.

We’re back at Florida State University tomorrow at the Donald Tucker Civic Center amidst a busy basketball season! A-LIGN will be attending Seminole Futures Fall Career Fair! I can’t wait to meet another group of talented professionals ready to take the next step in their career journey! Stop by our table and come chat with myself, Will Dunham, and Joseph Sperling, HITRUST CCSFP If you can’t make it, reach out to me here and we can coordinate a time that works!

🥂 The A-LIGN team had a blast celebrating achievements at the Tampa Bay Tech Awards Show!   As a Supporting Partner of Tampa Bay Tech, A-LIGN is dedicated to advancing the Tampa Bay community through thought leadership and active engagement. Our very own Petar Besalev serves as Chair of TBT’s Community Engagement Committee and is a member of the Executive Committee, playing an instrumental role in uniting the tech community.   We look forward to our continued partnership in 2025 and strive to enhance the Tampa Bay Tech ecosystem! #TampaBay #TampaBayTech

💜 We're sponsoring #VantaCon24 on November 20th in San Francisco! We can't wait to chat with experts from Vanta—and across the industry—about the future of cybersecurity and trust, and how we can all go above and beyond the expectations of our industry. Register here! 👉 https://lnkd.in/gCPFAR2A #NotYourStandardSecurityEvent

I find myself talking a lot about the value of ISO management systems and why they matter. I would love for you to consider their benefits, structure, and how they can expand with your business. ➡ Benefits of an ISO Management System An ISO management system (MS) is a structured framework that drives operational discipline, efficiency, and risk management across your organization. 1. Consistency and Efficiency: ISO standards establish processes that ensure consistent outputs, reducing errors and costs. #ISO9001 (Quality Management System), for example, enhances operational efficiency and customer satisfaction. 2. Resilience through Risk Management: Standards like #ISO31000 (Risk Management) and #ISO37301 (Compliance Management) help identify and mitigate risks proactively. This approach helps strengthen resilience, preparing your business to handle challenges effectively. 3. Building Trust and Transparency: ISO emphasizes documentation and audits, demonstrating your commitment to high standards, which builds trust with stakeholders and shows you’re reliable and compliant. 4. Continuous Improvement: ISO’s Plan-Do-Check-Act (#PDCA) cycle means you’re always refining processes, identifying improvement areas, and staying competitive in a dynamic market. ➡Structure of an ISO Management System An ISO management system is organized into sections that ensure its comprehensive and adaptable: ✅ Context of the Organization: Consider both internal and external factors impacting your objectives. ✅Leadership and Commitment: Top management drives the system, ensuring alignment with organizational goals. ✅Planning: Define objectives, assess risks, and set actions. ISO37301 promotes proactive compliance risk management. ✅Support: Provide necessary resources and training across teams. ✅Operation: Define processes that deliver quality, security, or governance outcomes. ✅Performance Evaluation: Conduct regular audits to keep the system effective and agile, leveraging #ISO19011 for best practices. ✅Improvement: Actively address nonconformities and refine processes based on data and audit findings. ➡Areas of Extensibility ISO frameworks are designed to grow with your organization. A few examples of how they can be combined to support broader goals include: 💡Quality + Environmental Management: Pairing ISO9001 with ISO14001 (Environmental Management) supports excellence and sustainability, ideal for impact-driven organizations. 💡Risk and Compliance Synergy: Integrating ISO31000 and ISO37301 streamlines compliance as part of your risk strategy, helping manage regulatory demands with a risk-based approach. 💡Information Security and AI Governance: ISO27001 (Information Security) with ISO42001 (AI Management) provides a strategic edge, managing data and security risks for AI systems. Consider ISO27701 for Privacy as well. 💡Innovation Management: ISO56001 institutionalizes innovation, ensuring it’s a sustained part of your strategic approach. A-LIGN Kim Lucy