Any business that accepts credit cards for payment must securely handle and store client information.
For hospitals, pharmacies, doctors' offices, and other health care organizations, HIPAA compliance guarantees the security of patients' healthcare records and personally identifiable information.
SOC is an acronym that now stands for System and Organization Controls (previously Service Organization Controls) and is an audit of a company's controls that are in place to help ensure the Security, Availability, Processing Integrity, Confidentiality and Privacy of their customers' data.
The service trust principles are the 5 key areas that can be assessed during a SOC 2 audit. They are groups of controls that ensure the system is meeting each of the outlined service principles.
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operational use as committed or agreed.
- Processing integrity: System processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the service organization’s privacy notice, and with criteria set forth in generally accepted privacy principles issued by the AICPA.
As an outsourced internal audit team, we are comfortable using the client’s control framework (COBIT, NIST). However, we can also provide a control structure based on over 30 years of experience with external auditors.
Our SOX ITGC Controls (404) Testing follows a simple process:
- Scoping of Systems and Controls
- Evidence Collection
- Testing
- Reporting
We align with the other audit teams for collaboration while maintaining independence to reduce the strain on the business contacts.
Contractors and subcontractors for the US Department of Defense must follow very stringent controls concerning Controlled Unclassified Information (CUI) and general cyber security hygiene.