A-LIGN

Join us on 7/24 at 2 PM ET as A-LIGN's VP of Strategy & Innovation Patrick Sullivan and risk3sixty's CEO Christian Hyatt cover the compliance world's hottest topics, including: ✔ Driving efficiencies in the audit process ✔ Understanding the role of technology ✔ Building a strong security team ✔And more! Register now! 👉 https://bit.ly/4bvJCPF #TrustMastersMonthly #compliance #cybersecurity

Airspace Link, Inc. has earned their #SOC2! Well done. 🎉

Rustici Software has successfully earned their #SOC2 report and #ISO27001 certification! Congratulations. 👏

Congrats to Upfluence for earning their #SOC2 report! 👏

📣💻 July the 10th is webinar time: “PCI DSS 4: The Seven Changes You Need to Know Now” - Sign up now: https://lnkd.in/dUBeZqun Are you ready to meet the upcoming deadline for PCI DSS 4? Join IXOPAY, HUMAN Security, and A-LIGN to learn more about the changes and what your team can do to prepare ahead of time. What you can expect: ➡ What requirements are changing for PCI DSS 4 and the latest revision of DSS v4.0.1 ➡ How you can get up to speed quickly and cost effectively ➡ Best practices for compliance and preparing your payment ecosystem for the future ➡ A deep dive into the new payment page script technical requirements: 6.4.3 and 11.6.1 Save the date. See you online! #MRC #webinar #pcidss #payments #education #IXOPAY

As an industry leader in cloud security, we are constantly innovating and expanding our services to align with changes in the fast-moving industries of cybersecurity and compliance. We are excited to announce 5 highlights from a successful and transformative Q2: ✅ We released a new offering focused on ISO 42001, a new international standard addressing the use of AI. 🇨🇦 Our team had a blast at Collision Conf in Toronto, our biggest conference to date! ✈ In collaboration with our partners Vanta and A-LIGN, we hosted the Compliance Corner at RSA in San Francisco. 🤝 We announced our new partnership with leading industry player BARR Advisory, P.A. helping organizations around the world strengthen their security postures. 📊 Lastly, we released a guide with findings from our original research relevant to small and medium-sized businesses aiming to improve their security and stay ahead of common obstacles. Read more 🔽 https://lnkd.in/egabGD6n #cybersecurity #innovation #success #business #SaaS #compliance #ISO42001 #startups

What is the most important quality you look for in an auditor? Comment below! 👇 Download our full 2024 Compliance Benchmark Report for more insights on how to choose an audit partner. 👉 https://bit.ly/457LTio #2024ComplianceBenchmarkReport #qualitycompliance #compliance

🔶 Comparison of NIST SP 800-218A and ISO 42001 Organizational Roles🔶 Many of you have been exploring use of NIST SP 800-218A as your Secure Software Development Lifecycle framework (SDLC) for AI systems, which is a totally appropriate strategy. In this process you’ve likely noticed that NIST calls out specific “Audience Roles”, which offer yet another perspective on defining what ISO42001 refers to as “roles with respect to AI systems” (Clause 4.1). Today we'll highlight some of the similarities and differences between these different roles as semantics can make all the difference in the world when building your governance program(s). 1️⃣ NIST SP 800-218A Audience Roles 1. AI Model Producers: Organizations developing their own generative AI and dual-use foundation models. 2. AI System Producers: Organizations developing software that leverages a generative AI or dual-use foundation model. 3. AI System Acquirers: Organizations acquiring a product or service that utilizes one or more AI systems. 2️⃣ ISO 42001 Organizational Roles 1. Producers: Entities responsible for creating AI systems and ensuring they meet specified requirements. 2. Providers/Developers: Individuals or organizations that develop AI technologies and integrate them into systems. 3. Customers/Users: End-users or organizations that use AI systems for various applications, ensuring that their needs and requirements are met. 🅰 Similarities - Producers (ISO) and AI Model Producers/AI System Producers (NIST): Both frameworks emphasize the role of entities responsible for developing and producing AI models and systems. These roles focus on ensuring that AI technologies are built to meet specified requirements and standards. - Providers/Developers (ISO) and AI System Producers (NIST): These roles involve the development and integration of AI technologies into broader systems. They both highlight the importance of secure development practices and the integration of AI models into functional software systems. - Customers/Users (ISO) and AI System Acquirers (NIST): Both roles represent the end-users or organizations that acquire and use AI systems. These roles ensure that the AI systems meet user requirements and are secure, reliable, and compliant with relevant standards. 🅱 Differences - Specificity to AI: NIST SP 800-218A is tailored specifically for AI systems, with roles uniquely defined for AI model and system producers. ISO 42001, while inclusive of AI, addresses a broader range of software development activities. - Role Overlap and Clarity: NIST SP 800-218A roles are distinct in their focus on AI, potentially leading to overlapping responsibilities but with clear distinctions. ISO 42001 roles are broader, encompassing general software development responsibilities, including but not limited to AI. For help getting started, please reach out! A-LIGN #iso42001 #TheBusinessofCompliance #ComplianceAlignedtoYou

Many companies must do more to prepare for audits, but don't have enough resources. Watch our video to hear our VP of Strategy & Innovation Patrick Sullivan walks us through key stats from the 2024 Compliance Benchmark Report highlighting the importance of audit consolidation. 👇 #2024ComplianceBenchmarkReport #compliance #auditconsolidation #auditefficiency

Thank you to Amazon Web Services (AWS) for hosting a great happy hour in DC yesterday! 🥂 Our team had a wonderful time talking #compliance with some of the industry's best leaders. 38North Security Drata Eden Data RISCPoint InfusionPoints, LLC MegaplanIT