
Which Compliance Assessment is Right for Your Organization? / Part 4: PCI, Penetration tests, and Vulnerability Scans
01/26/23 • 40 min
In the latest installment of this five-part series, Blaise Wabo welcomes A-LIGN's PCI Lead, Dustin Rich, and Technical Knowledge Leader and Research and Development Director, Joe Cortese, for a deep dive into the intricacies of PCI, Penetration tests, and Vulnerability Scans.
Together they discuss new updates related to the new PCI DSS 4.0 and the latest OWASP Top 10 pen test framework, and what organizations need to do now to prepare. They also discuss the importance of close collaboration between the teams performing each assessment and the consequences most organizations face when each is done in a vacuum.
Previous Episode

Which Compliance Assessment is Right for Your Organization? / Part 3: SOC 2 & ISO 27001
In the latest installment of this four-part series, Blaise Wabo welcomes A-LIGN's SOC 2 lead, Shayna Davitt, and ISO 27001 lead, Adam Lubbert, for a deep dive into SOC and ISO assessments.
They discuss common pitfalls companies face when pursuing both audits and how to avoid them, recent updates in the ISO 27001 standards, and the advantages of doing both SOC 2 and ISO 27001 simultaneously.
Next Episode

Which Compliance Assessment is Right for Your Organization? / Part 5: HITRUST & Federal Compliance
In the final installment of this five-part series, Blaise Wabo welcomes A-LIGN's Federal Practice Lead, Tony Bai, and HITRUST Associate Director, Shreesh Bhattarai, for a deep dive into the intricacies of HITRUST, HIPAA, & Federal certifications.
Together they discuss updates to the NIST 800-171 and how that affects the various government certifications (FedRAMP, CMMC, StateRAMP, FISMA), and what companies should be doing now to remain compliant. They also review the many HITRUST Assessments (including the new e1 assessment) and how they can help achieve HIPAA compliance.