A-LIGN SERVICES Flashcards
SOC 1
-Good for organizations that handle, process, store, or transmit financial information
-Not very common; just means you have a list of policies and procedures, doesn't necessarily mean they are being executed
SOC 2
-Align reviews policies, procedures, and systems that protect information across 5 categories called Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy).
-Provides assurance to a company's customers and partners that its systems are secure
-Top issuer of SOC 2 reports!
SOX 404
-purpose is to make sure companies have strong systems in place to prevent mistakes or fraud in their financial reports.
-helps ensure financial information is accurate and trustworthy, giving investors more confidence in the company.
ISO 27001
-Focused on information security management.
-helps protect all types of sensitive information (financial data, trade secrets, intellectual property) from risks like breaches, theft, or loss.
-SECURES ALL INFORMATION
ISO 27701
-Focused on privacy information management.
-Extension of ISO27001 to specifically address how personal data (names, addresses, medical information) is collected, processed, stored, and shared to comply with privacy regulations like GDPR or CCPA.
-SECURES PERSONAL INFORMATION & ensures privacy compliance
ISO 22301
-International standard for BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS)
-helps organizations prepare for, respond to, and recover from disruptions like natural disasters, cyberattacks, or supply chain failures.
-Ensures businesses are resilient and can continue operating even when unexpected challenges arise.
ISO 42001
-AI management system standard
-For organizations on the cutting edge of AI, ISO 42001 is an important standard to implement that demonstrates responsible and ethical usage of AI.
HITRUST
-Combines HIPAA, GDPR, and ISO27001 into one comprehensive system
-helps organizations manage risk, maintain compliance, and prove commitment to protecting sensitive information, especially in industries like healthcare.
HIPAA
(Regulation)
-US law designed to protect sensitive patient health information. Applies to healthcare providers, insurers, and related organizations.
-Privacy Rule; protects medical records and personal health information
-Security Rule; requires safeguards to prevent unauthorized access or breaches
-Breach Notification Rule; notify affected individuals when a data breach occurs.
-Portability; ensures employees can keep their health insurance when they change jobs.
FEDRAMP
-US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs)
-ensures federal agencies can use cloud services confidently.
STATERAMP
-modeled after FEDRAMP, designed to help US state and local governments assess and monitor the security of CSPs
FISMA
-US law designed to protect federal government information systems from cyber threats.
-helps ensure that sensitive federal data, such as national security or citizen information, is protected.
CMMC (Cybersecurity Maturity Model Certification)
-designed by US DOD to ensure that companies in the Defense Industrial Base protect sensitive information, such as Controlled Unclassified Information and Federal Contract Information.
-Applies to all companies in the DoD supply chain, including subcontractors, to ensure cybersecurity is maintained at all levels.
-ESSENTIAL for contractors to win and maintain DoD contracts.
NIST (National Institute of Standards and Technology) 800-171
-Developed to help organizations protect Controlled Unclassified Information (CUI) in non-federal systems and organizations.
-Ensures that sensitive government information remains secure when outside federal systems.
-Compliance is often a requirement for federal contracts.
PCI DSS (Payment Card Industry Data Security Standard)
-Established to ensure that organizations that handle payment card information maintain a secure environment to protect against data breaches, fraud, and theft.
-Businesses include retailers, financial institutions, payment processors, and online merchants.