Independent Audit Verifies Pana Industries’ Internal Controls and Processes

Denver, CO – Pana Industries, Inc. (Pana), a travel coordination platform, today announced that it has completed its SOC 2 Type II audit, performed by KirkpatrickPrice. This attestation provides evidence that Pana has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have the necessary internal controls and processes in place.

A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Pana Industries’ controls to meet the standards for these criteria.

“As a travel coordination and online booking tool, Pana is exposed to a multitude of traveler data. To ensure the security of that data, we espouse the most stringent security standards and processes,” said Devon Tivona, co-founder & CEO of Pana. “We’re excited to have achieved this milestone and to demonstrate that the security processes and controls Pana has employed ensure that all customer and traveler data is safeguarded.”

“The SOC 2 audit is based on the Trust Services Criteria. Pana has selected the security and confidentiality criteria for the basis of their audit,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Pana delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Pana’s controls.”

About Pana Industries

Pana is the first and only corporate travel platform dedicated to guest travel. One in five business trips booked are for non-employee travel, which can include customers, recruits, speakers and contractors. Pana’s mission is to make in-person collaboration effortless, combining real humans and modern tech to deliver extraordinary business travel for the transient, group and simple meetings segments. More than 150 enterprise clients trust Pana to provide booking, service, payment and reconciliation to their guest travelers, either directly or through travel management company integrations. Visit pana.com for more information.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com, connect with KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Independent Audit Verifies NorthStar Education Services’ Internal Controls and Processes

Eagan, MN – NorthStar Education Services, a student financial aid and payment company, today announced that it has completed its SOC 2 Type I audit, performed by KirkpatrickPrice. This attestation provides evidence that NorthStar Education Services has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have the necessary internal controls and processes in place.

A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design of NorthStar Education Services’ controls to meet the standards for these criteria.

Taige Thornton, President of NorthStar Education Services, said, “All organizations should ask for SOC reporting from their outsourced service vendors. Whether a vendor can provide a SOC report is a serious risk component that companies need to consider during any vendor due diligence analysis.”

“The SOC 2 audit is based on the Trust Services Criteria. NorthStar Education Services has selected the security, availability, and processing integrity criteria for the basis of their audit,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “NorthStar Education Services delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on NorthStar Education Services’ controls.”

About NorthStar Education Services

NorthStar Education Services is an affiliate of Ascendium Education Group. For 50 years, our focus has been to deliver industry leading tools to support educational accessibility and success through student loan repayment, employee benefit/payment assistance, next generation financial wellness and education loan refinancing programs.


Independent Audit Verifies Gorilla Logic’s ISO 27001 Compliance

Broomfield, CO – Gorilla Logic, a software development and consulting services company, today announced that it has completed an ISO 27001 audit, performed by KirkpatrickPrice, a licensed CPA firm specializing in information security.

ISO 27001 is a specification for an ISMS (Information Security Management System) standard. An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes. An international standard, the ISO 27001 applies controls from the following areas: security policy, organization and information security, asset management, human resources security, physical and environmental security, communication and operations management, access control, information systems acquisition, security incident management, business continuity management, and compliance. The ISO 27001 compliance report delivered by KirkpatrickPrice verifies that Gorilla Logic has implemented adequate administrative, physical, and technical controls to address their security risks.

“For Gorilla Logic, getting the ISO 27001 compliance report was an invaluable exercise. We engaged with KirkpatrickPrice for our gap analysis and internal audit—they were with us every step of the way. We are thrilled to have this certification and improve our security management practices,” said Jay Wallingford, Gorilla Logic CTO.

“ISO 27001 provides excellent guidance for developing an Information Security Management System,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Gorilla Logic’s audit against the ISO 27001 guidelines on information security controls demonstrates that a widely respected and international standard has been utilized to select controls as part of their own information security management practices.”

About Gorilla Logic

Gorilla Logic provides nearshore Agile teams to Fortune 500 and SMB companies, bringing unparalleled expertise in the delivery of full stack web, mobile, and enterprise applications. Our highly collaborative, Agile Gorillas are uniquely qualified to implement complex software initiatives and are skilled at large Agile implementations—we’re a Scaled Agile® Silver Partner. With offices in the United States, Costa Rica, and Colombia, Gorilla Logic helps clients gain competitive advantages to achieve results faster.


Independent Audit Verifies Trinity Real Estate Solutions’ Commitment to Security

Dallas, TX – Trinity Real Estate Solutions, a national provider of specialty inspections, construction lender services, and appraisals, proudly announces the successful completion of its annual SOC 2 Type II audit, performed by KirkpatrickPrice. This attestation demonstrates Trinity Real Estate Solutions’ ongoing commitment to create and maintain the strictest data security controls, ensuring the highest level of services is provided to their customers.

“We believe data protection is a fundamental right in today’s world; thus, Trinity understands SOC 2 is absolutely essential within the client environment across every communication channel,” explains Brad Meyer, President and CEO, Trinity. “The successful renewal of our SOC 2 audit provides Trinity’s customers assurance while preserving their most critical assets. We know our data security is absolutely covered – from our software development process, to how our IT team operates, to our business continuity plan, to everything in between. The entire Trinity team is fully committed to working through every aspect of our security at the highest level, doing whatever it takes to ensure our customers’ data is safe and secure at all times.”

“Trinity Real Estate Solutions delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Trinity Real Estate Solutions’ controls,” said Joseph Kirkpatrick, President of KirkpatrickPrice.

A SOC 2 audit provides an independent, third-party validation, ensuring a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls are tested, as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. The SOC 2 report, delivered by KirkpatrickPrice, verifies the suitability of the design and operating effectiveness of Trinity Real Estate Solutions’ controls to meet the standards for these criteria.

About Trinity Real Estate Solutions

Trinity Real Estate Solutions®, Inc. is a national provider of residential and commercial construction lending services, draw inspections, appraisal services, property preservation, broker price opinions, consulting services, appraisals and specialty inspections (e.g. merchant site inspections, disaster inspections, collateral inspections). Its products are designed to mitigate risk and provide onsite assessments of properties. Founded in 2003, Trinity has grown from one company in a specialized industry to six companies today – Trinity Inspection Services®, Trinity Commercial Services, Trinity Field Services®, Trinity Appraisal Services®, Trinity Loan Administration®, and Trinity Residential Land Services® – operating in the banking, mortgage lending, credit card and insurance industries nationwide. Headquartered in Dallas, Texas, Trinity partners with more than 10,000 field appraisers, inspectors, contractors, engineers, architects, surveyors, and brokers across the country. They serve small, regional, and national customers.


The goal of systems hardening is to further protect your organization by reducing vulnerabilities in your applications, systems, and information technology infrastructure. By doing so, you create less opportunity for malicious attacks and operational malfunctions, because removing unnecessary programs, applications, and access points increases the security of your system. Just as removing unnecessary hazards on a busy interstate increases traffic flow and reduces the risk of accidents, removing unnecessary technology in your system decreases the risk of malicious activity and can increase overall operational productivity.

System Hardening Standards

For all the parts of your ever-changing systems, you want to prevent attacks and vulnerabilities as best you can. Hardening your network, servers, applications, database, and operating systems is a great start to meeting industry-accepted configuration standards. Your hardening standards will vary as your systems and technology will differ, but you can focus on developing standards to implement these five areas of system hardening:

Network Hardening
  • Firewall configuration
  • Regular network auditing
  • Limit users and secure access points
  • Block unnecessary network ports
  • Disallow anonymous access
Server Hardening
  • Administrative access and rights are allocated properly
  • Secure your data center where servers are located
  • Disallow shutdown initiation without login
Application Hardening
  • Application access control
  • Remove default passwords
  • Implement password best practices
  • Configure account lockout policy
Database Hardening
  • Implement admin restrictions on access
  • Encrypt data entering and leaving the database
  • Remove unused accounts
Operating System Hardening
  • Apply necessary updates and patches automatically
  • Remove unnecessary files, libraries, drivers, and functionality
  • Log all activity, errors, and warnings
  • Limit sharing and system permissions
  • Configure file system and registry permissions

The implementation of these hardening techniques is by no means a comprehensive approach to security, but it’s a great start to ensure your organization is headed in the right direction for a more secure information security program. By gathering the right tools and techniques, you can set yourself up for security success.

Industry-Recognized Experts on System Hardening

The information security industry has endless information on industry-accepted system hardening standards through experts such as CIS, NIST, and SANS. You can dive deeper into hardening standards through NIST’s National Checklist Program for IT Products, NIST’s Guide to General Server Security, and security hardening checklist examples from SANS and The University of Texas at Austin. These experts have extensive resources to provide you with industry-accepted standards for all your security needs. At KirkpatrickPrice, our security practices are influenced and built upon the foundation of these industry-recognized experts. As you establish your own system hardening techniques, you can turn to these experts and the information security specialists at KirkpatrickPrice for security guidance. Contact us today to learn how we can help you further establish your security presence.
