Compliance & assessment
Our expertise, efficient process, and audit management platform will help you earn the trust of your customers and demonstrate your commitment to cybersecurity.
Contact usSOC 1
A SOC 1 report from A-LIGN is one CFOs, controllers, and procurement leads recognize as defensible. Our reports are rigorously QA’d to hold up to the financial scrutiny of your customers.
SOC 2
With 200+ dedicated SOC auditors and over 20 years of expertise, A-LIGN delivers SOC 2 reports that hold up to scrutiny from customers, partners, and stakeholders.
SOX 404
A-LIGN takes a consultative approach to internal SOX 404 assessments, delivering both assurance and remediation guidance ahead of your next 10-K filing.
ISO 27001
Dual-accredited by ANAB and UKAS, A-LIGN lets you certify under your preferred accreditation body for ISO 27001 with a methodology engineered to prevent the leading causes of report rejection: incomplete scope and missing controls.
ISO 27701
As the first ANAB-accredited certification body for ISO 27701:2025, we can help you certify against the world’s first international privacy standard that ensures you’re protecting sensitive data like financial information, trade secrets, and confidential records.
ISO 42001
Among the first accredited ISO 42001 certification bodies, A-LIGN gives clients a first-mover advantage in AI governance, signaling to customers, regulators, and partners that your AI systems are managed and improved continuously.
PCI DSS
Demonstrate industry compliance and protect customer card data with PCI DSS. As a Qualified Security Assessor (QSA), A-LIGN guides you to PCI DSS compliance with rigor and efficiency.
HITRUST
With a 100% certification rate across 1,400+ assessments, A-LIGN makes HITRUST achievable and is among the first assessors to bundle MyCSF, audit services, and final report in a single engagement.
HIPAA
For organizations that handle protected patient health information, A-LIGN’s process draws on years of healthcare assessment experience to get you compliant.
CMMC
As an Authorized C3PAO with over 100 CMMC assessments completed, A-LIGN delivers certifications built to withstand prime and government scrutiny, protecting your critical government revenue streams.
FedRAMP
As the #3 FedRAMP 3PAO on the marketplace with 250+ federal clients served, A-LIGN supports both the traditional Rev5 pathway and the emerging FedRAMP 20x model for cloud-native providers.
FISMA
A-LIGN’s federal assessors help organizations pursuing or holding federal contracts meet FISMA’s requirements to develop, document, and implement an information security program, backed by extensive experience with FISMA and NIST Special Publication 800-53.
NIST 800-171
As one of the top federal assessors in the world, A-LIGN has guided many organizations through NIST 800-171 to protect federal contracts.
Microsoft SSPA
A Microsoft SSPA attestation demonstrates that your business meets the privacy and security principles required to become a Microsoft vendor, and A-LIGN can help get you there.
CSA STAR
Adding CSA STAR to a SOC 2 or ISO 27001 engagement is a well-recognized way to demonstrate cloud security maturity. A-LIGN has conducted thousands of SOC 2 and ISO 27001 assessments and can guide you to CSA STAR certification.
Limited Access Death Master File
Access to the Limited Access Death Master File (LADMF) requires a written attestation from an Accredited Conformity Assessment Body (ACAB). A-LIGN is an ACAB with the experience to help companies gain LADMF access.
Cybersecurity & privacy
Stay ahead of cybersecurity incidents and avoid the impact to finances and reputation by knowing your risks and addressing privacy requirements.
Contact usPenetration Testing
A-LIGN pen testing goes beyond vulnerability scanning to simulate how an attacker moves through your environment, with OSCP/OSCE/OSEE-certified testers delivering prioritized remediation guidance and findings mapped to MITRE ATT&CK, not just generic CVSS scores.
Ransomware Preparedness
A-LIGN’s ransomware preparedness assessment combines a comprehensive review of your infrastructure and processes with real-world simulations across a three-phase approach, identifying gaps in your cybersecurity posture before attackers find them.
Social Engineering
A-LIGN’s penetration testers use the latest phishing, pretexting, and baiting tactics to test employee security awareness and uncover vulnerabilities that exploit the human factor.
Business Continuity & Disaster Recovery
Business continuity and disaster recovery (BCDR) plans minimize the impact of disruptive events on your organization. A-LIGN tests your plan to ensure an incident doesn’t snowball into financial and reputational penalties.
Vulnerability Assessment
A-LIGN performs network-layer and application-level vulnerability scans to map threat surfaces and known weaknesses before malicious actors do.
GDPR
A GDPR gap assessment from A-LIGN enhances your privacy posture and identifies the gaps that matter for compliance. A-LIGN’s assessors help you understand GDPR’s impact on your organization and where remediation is needed.
Data Protection Analysis
A-LIGN’s Data Protection Analysis helps you understand how customer data is utilized and protected, demonstrating to customers and employees that you take their most valuable assets seriously.
Audit Management Technology
A-SCEND is designed to help teams save meaningful time, especially during audit preparation, without compromising rigor. The platform seamlessly combines technology and human expertise across the entire audit lifecycle.
Learn moreAutomated Evidence Matching
AI Evidence Matching reads a file’s name and contents and pairs it with the right request on the Information Request List, which means less time figuring out which file covers which request, fewer clarification cycles with auditors.
EvidenceIQ
Scores your evidence against audit criteria before fieldwork begins, so you see exactly where you stand before your auditor does.
Smart recommendations
Surfaces previously uploaded evidence for reuse across requests, so you’re not always starting from scratch.
Engagement crosswalk
Shows how your completed evidence maps to new frameworks to help you as you grow your compliance program.
Integration with GRC Platforms
Work where you already do. Native integrations with leading GRC platforms deliver a unified audit experience inside the tools your team relies on.

