SOC 2 engagements demonstrate a strong commitment to delivering high-quality services to our clients by showing that we have the necessary internal controls and processes in place. SOC 2 engagements are based on the AICPA’s Trust Services Principles: security, availability, confidentiality, privacy and processing integrity. The process verifies that our information security practices, policies, procedures and operations meet or surpass the rigorous SOC 2 standards.
A FISMA Compliance Audit verifies that we recognize the importance of information security by following a tailored set of baseline security controls drawn from NIST Special Publication 800-53. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, is a mandatory federal standard that NIST developed in response to FISMA.
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is a national standard for the protection of consumers’ Electronic Protected Health Information (ePHI). An organization that manages ePHI must protect it against anticipated breaches by performing a mandatory Risk Assessment and implementing appropriate Physical, Administrative, and Technical Safeguards.
ISO 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS). It provides the framework for establishing and operating an effective and efficient Security Management System for the organization. ISO 27001 applies controls from the following areas: Security Policy, Organization of Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Operations Management, Access Control, Information Systems Acquisition, Information Security Incident Management, Business Continuity Management, and Compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive security standard that covers security management, policies, procedures, network architecture, software design, and other critical protective measures. It applies to any merchant or service provider that uses, stores or transmits payment card data.