Page 49 - GS170401
New Products

Secure portal for real-time security audits, compliance

Company: A-LIGN
Product: A-SCEND
Website: www.a-lign.com
Contact: greg.johnson@a-lign.com

Price and Associates CPAs LLC, doing business as A-LIGN, launched A-SCEND, a compliance portal and dashboard designed to enhance audit and security assessments for the Payment Card Industry (PCI) Data Security Standard (DSS) and other forms of compliance. The portal uses tracking tools to provide business owners with real-time status updates of audit, assessment and compliance activities, company representatives stated.

Established in 2009 by seasoned security experts and executives with experience at major accounting firms, A-LIGN provides security and compliance solutions to leading companies in numerous vertical industries, including payments. Headquartered in Tampa, Fla., with offices in San Francisco, New York, Atlanta, Dallas, Chicago and Salt Lake City, A-LIGN's mission is to help enterprises, distributors and Level 2 merchants simplify and streamline a range of security and compliance activities.

Greg Johnson, Vice President of Business Development at A-LIGN, called the company a one-stop shop for all aspects of security and compliance. "Our philosophy is that compliance doesn't have to be hard," he said. "We designed the A-SCEND portal from the ground up, with technology that makes the audit process more agreeable to our customers."

Secure, evidence/audit management

The A-SCEND portal's dashboard displays real-time status updates throughout the audit process, notifying customers when actions are required. Customers can link directly to documents to submit updates when necessary. Automated information request lists display real-time status updates such as "submitted," "in progress," "action required" and "accepted." The dashboard is protected by two-factor authentication and offers multiple permission levels, Johnson noted. "When new customers engage with us for an audit, we send log-in credentials and a quick-start guide," he said. "Customers who have been through security assessments appreciate this efficient, collaborative approach that eliminates guesswork from the audit process." A-LIGN clients receive detailed statements of work with clearly identified milestones to track efficiency and execution, and the company's relationship managers stay in touch with clients, beyond audits, advising on all aspects of security and compliance, Johnson said.

Payment card industry solutions

A-LIGN provides tailored solutions to payments industry stakeholders that are designed to protect cardholder data and enhance service offerings. A-LIGN described the solutions as follows:

• PCI DSS assessment: This process includes comprehensive planning to prepare an organization for on-site fieldwork. Resulting in a report on compliance, the PCI DSS assessment validates PCI DSS compliance by an A-LIGN Qualified Security Assessor (QSA).
• Facilitated self-assessment: A-LIGN's facilitated Self-Assessment Questionnaire (SAQ) process assists companies with selecting and completing the appropriate questionnaire based upon the organization's payment card processing. This allows A-LIGN's professionals to assess a company's environment and review its policies, procedures and controls to determine compliance with the requirements in the SAQ.
• PCI DSS readiness assessment: This assessment enables an organization to benchmark current processes and controls against the PCI DSS requirements so that it can implement the appropriate requirements prior to the validated assessment.
• Penetration testing: A-LIGN's penetration testing services enable organizations to evaluate security, identify vulnerabilities and proactively remediate weaknesses to prevent malicious attacks. Penetration testing may include technical schemes and socially engineered tests to evaluate network integrity and overall security.
• Vulnerability scans: A vulnerability scan or vulnerability assessment entails running an automated program that looks for vulnerabilities and documents potential exposures, such as unpatched or misconfigured systems or default accounts and passwords.

Additional compliance solutions and services include SOC 1, SOC 2, ISAE 3402, HIPAA, ISO 27001 and HITRUST certifications, Johnson stated, adding that A-LIGN and its QSAs work with leading organizations, ISOs and acquirers and have conducted more than 3,500 successful audits and assessments. "We're seeking to partner with payments acquirers, software developers and independent software vendors that have one or more Level 2 merchants in their portfolios," Johnson said.