A-LIGN ASSURANCE

Internal audit services, namely, business auditing; disaster recovery services, namely, business planning continuity and disaster recovery consulting

Cybersecurity services in the nature of restricting unauthorized access to computer systems; cybersecurity and information security compliance and assessment services, namely, computer systems analysis for the capability to identify, protect, detect, respond, and recover from unauthorized access or data breach; development of security systems and contingency planning for information systems; testing of computers, networks, and applications to assess information security vulnerability; evaluation of cybersecurity and information security framework compliance with industry standards to ensure the confidentiality, integrity, and availability of data; cyber risk and privacy services, namely, computer security threat and privacy controls and procedures analysis to identify and control access to data; evaluating the processes and procedures in place to evaluate the computer network and privacy capabilities related to systems, people, assets, and data; cybersecurity advisory services, namely, computer security consultancy for the purpose of identifying, assessing, and remediating of controls, processes, policies, infrastructure, and overall cyber capabilities; computer security consultancy in the field of compliance with General Data Protection Regulation (GDPR), E.U.-U.S. Privacy Shield, Health Insurance Portability and Accountability Act (HIPAA) security and privacy, and Health Information Technology for Economic and Clinical Health Act (HITECH); computer security consultancy in the field of cybersecurity, data privacy, information security, and compliance best practices; evaluation of user's staff, processes, technology, data, assets, policies, and procedures to assure compliance with information security and privacy standards and requirements; computer network security consultancy in the field of enterprise-level risk assessment, third-party risk management, data protection analysis, and privacy impact assessment services; computer, network, and information security services, namely, computer network security consultancy to determine the ease with which users' computer network security could be compromised; software-as-a-service (SaaS) services, namely, software for tracking, auditing, storing, and reporting of compliance with local, state, federal, and international cybersecurity and privacy standards and regulations, governance, and risk management related to cybersecurity, data protection, and privacy; internal audit services, namely, evaluation of information technology (IT) systems of others; providing internal audit services, namely, assessment of the information security and privacy vulnerability of others

Regulatory compliance consulting and auditing in the field of cybersecurity and privacy regulations compliance with Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), Microsoft Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness; regulatory compliance consulting in the field of SOC assessments and attestation, PCI DSS assessment and advisory services, healthcare-related assessments in the nature of HIPAA, HITECH, Health Information Trust Alliance (HITRUST) assessments, International Organization for Standardization certification, federal assessments in the nature of Federal Risk and Authorization Management Program (FedRAMP) authorization, Federal Information Security Management Act (FISMA) authorization and certification, and National Institute of Standards and Technology assessments, National Institute of Standards and Technology Special Publication (SP), Federal Information Processing Standards (FIPS), and Cybersecurity Framework (CSF) assessments