CPA Firm Demonstrates Its Commitment to Performing the Highest-Quality SOC Engagements for Service Organizations

Tampa, FL – KirkpatrickPrice, a licensed CPA firm, today announced that Joseph Kirkpatrick, Managing Partner, has received the recently developed Advanced SOC for Service Organizations certificate. KirkpatrickPrice specialists continually strive to remain up-to-date on industry trends in order to best help clients keep their organizations safe and secure.

To earn the Advanced SOC for Service Organizations certificate, individuals must demonstrate the ability to evaluate and analyze the core concepts related to planning, leading, performing and reporting on SOC 1 and SOC 2 engagements by completing a rigorous online exam. This exam was developed by leading subject matter experts from the Association of International Certified Professional Accountants.

The Advanced SOC for Service Organizations certificate adds to Joseph Kirkpatrick’s CISSP, CGEIT, CISA, CRISC, and QSA certifications. As Managing Partner, Kirkpatrick has led KirkpatrickPrice to perform high-quality SOC engagements for over 12 years. SOC 1 engagements focus on the controls of a service organization that are relevant to an audit of a user entity’s financial statements as they relate to the AICPA’s Trust Services Criteria, which include security, availability, processing integrity, confidentiality, and privacy of a system. Federal regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Act (HIPAA) require corporations to audit the internal controls of their suppliers, including those that provide technology services.

About the Association of International Certified Professional Accountants

The Association of International Certified Professional Accountants (the Association) combines the strengths of the American Institute of CPAs (AICPA) and The Chartered Institute of Management Accountants (CIMA) to power opportunity, trust and prosperity for people, businesses and economies worldwide. It represents 650,000 members and students in public and management accounting and advocates for the public interest and business sustainability on current and emerging issues. With broad reach, rigor, and resources, the Association advances the reputation, employability and quality of CPAs, CGMAs, and accounting and finance professionals globally.

About the American Institute of Certified Public Accountants

The AICPA is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.

Have you been hearing about the General Data Protection Regulation? Do you collect, use, or process personal data of subjects in the European Union? What is GDPR? Who must comply? How can you prepare? Should you complete a GDPR assessment? With the repercussions of data breaches hitting the headlines more often every day, it’s important to understand how this privacy legislation is going to affect your business and to ask yourself: are you ready for GDPR compliance?

What is GDPR?

The Data Protection Directive (DPD) has been in place for 20 years, setting a minimum standard for data protection laws in European Union Member States. Many of these states have taken legislation to the next level when it comes to protecting personally identifiable information, making it increasingly difficult for EU citizens to know how their rights and information are being protected across Europe, and for organizations to determine which laws apply when working across multiple Member States.

Born out of cybercrime threats, technology advances, and concerns about data misuse, this legislation will require all data controllers and data processors that handle personal data of EU residents to “implement appropriate technical and organizational measures…to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.” GDPR is enforceable and is equivalent to a US Federal Law, and failure to comply with GDPR can lead to fines of up to €20 million or 4% of annual global turnover – whichever is greater.

Who Must Comply with GDPR?

GDPR applies to any entity collecting, using, or processing personal data of any data subject in the European Union. It’s important to note that this doesn’t just apply to organizations working within the EU, but also to any organization in the world providing services to data subjects within the EU; according to a general consensus, approximately 66% of US companies will be subject to this data protection law. GDPR requires organizations based outside the EU to nominate a representative organization within the EU where the target data subjects are based. The data controller or processor must mandate that representative to be addressed by the supervisory authority or by data subjects on all issues relating to the processing of personal data.

What is Personal Data?

According to GDPR, personal data is defined as any information relating to an identified or identifiable person, or data subject, who can be identified by a name, an ID number, location data, or physical, physiological, genetic, mental, economic, cultural, or social identity.

What is a Data Controller?

The data controller is the organization that determines the purpose for processing personal data and what processing will be done. Processing, according to GDPR, includes the collection and storage of information. It is possible for an organization to be accountable as the data controller, but not otherwise involved with any actual processing of personal data.

What is a Data Processor?

A data processor is any organization or entity that processes personal data on behalf of a data controller. Processing is essentially anything done to the data, including storing, archiving, or reviewing. It is possible, and sometimes common, for an organization to be both a data controller and a processor.

GDPR became effective May 25, 2018, so if you’ve not begun preparing, you should start now. In a highly data-driven world, it’s our responsibility to help protect organizations from data and privacy breaches. For more information on how you can complete a GDPR assessment, contact us today.


Independent Audit Verifies lienwaivers.io Internal Controls and Processes

Sioux City, IA – lienwaivers.io, an electronic construction disbursement platform, today announced that it has completed its SOC 1 (SSAE 18) Type I and SOC 2 Type I audit. This attestation verifies that lienwaivers.io has the proper internal controls and processes in place to deliver high-quality services to its clients.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of lienwaivers.io’s controls that may affect its clients’ financial statements. A SOC 1 Type I report is in compliance with the SSAE 18 auditing standards and focuses on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. This report includes lienwaivers.io’s description of controls as well as the detailed testing of its controls at a specific point in time. The standard demonstrates that an organization has adequate controls and processes in place. Federal regulations such as Sarbanes-Oxley and the Gramm-Leach-Bliley Act require corporations to audit the internal controls of their suppliers, including those that provide technology services.

SOC 2 engagements are based on the AICPA’s Trust Services Principles. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of lienwaivers.io’s controls to meet the criteria for these principles.

“We’re serious about building great software,” stated Geoff Arnold, CEO of lienwaivers.io, “And a key component of that is giving security and compliance a central role in the software development process. With the completion of our SOC 1 Type I and SOC 2 Type I audit, we are setting a new standard for security and reliability in construction software.”

“lienwaivers.io’s customers and partners rely on them to protect consumer information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, lienwaivers.io has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by lienwaivers.io.”

About lienwaivers.io

At lienwaivers.io, we’re building the best-in-class cloud-based construction disbursement solution. Our platform uses leading technology to save builders time and money while reducing their operational risk. Our products span lien waiver creation and tracking, electronic payments, electronic notarizations, and tax form preparation. In addition to a la carte features, we offer a partner-friendly API that allows organizations to offer their customers/partners a white label experience. We integrate with popular construction accounting and project management software such as Sage 100, Sage 300, Quickbooks, Xero and Procore, and offer custom integrations where needed. Our cloud-based software is pay-as-you-go, with no expensive installations or complicated training. For more information, visit https://lienwaivers.io or follow us online at @lienwaivers on Twitter or Facebook.


Independent Audit Verifies Align’s Internal Controls and Processes and HIPAA Security Rule Compliance

New York, NY – Align, the premier global provider of technology infrastructure solutions, today announced that it completed its SOC 1 Type II audit. This attestation marks another milestone for Align, validating its ongoing commitment to delivering industry-leading services to its clients by operating at the highest level of transparency and standards.

“For over 30 years, our customers have depended on us to build and manage their technology in addition to protecting their sensitive business information,” stated Jim Dooling, CEO of Align. “This certification process builds upon Align’s enduring commitment to full transparency and delivery of services to the highest standards in the industry.”

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of Align’s controls that may affect its clients’ financial statements. In accordance with SSAE 18 (Statements on Standards for Attestation Engagements), the SOC 1 Type II audit report includes Align’s description of its controls as well as the detailed testing of those controls.

“Many of Align’s clients rely on Align to protect consumer information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, Align has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by Align.”

Align’s Managed IT Services and Cybersecurity practice delivers secure, strategic and outcome-driven solutions for its customers. Align’s team of certified, highly technical experts has the experience, adaptability and decision-making maturity to maintain clients’ entire IT ecosystems and address operational risk management issues.

“This attestation represents another significant achievement in Align’s ongoing commitment to ensure industry-leading managed service and cybersecurity solutions for its clients and customers,” said Vinod Paul, COO of Align. “Over the past year, Align has developed exclusive reporting platforms for its clients built upon technologies utilizing the ServiceNow platform. These investments allow our clients full transparency of their business processes with smart and safe workflows and data management.”

About Align

Align is a premier global provider of technology infrastructure solutions. For over 30 years, leading firms worldwide have relied on Align to guide them through IT challenges, delivering complete, secure solutions for business change and growth. Align is headquartered in New York City and has offices in London, Chicago, San Francisco, Arizona, New Jersey, Texas and Virginia. Learn more at www.align.com and www.aligncybersecurity.com.


HITRUST released the HITRUST CSF v9 as more and more organizations look to the CSF as a way to ensure security and compliance with relevant laws. This new release displays HITRUST’s continuing “evolution of the HITRUST CSF in providing organizations with a comprehensive, common approach to managing information privacy and security risks, including cyber.” To ease the burden of the many overlapping compliance demands that apply to healthcare organizations, HITRUST prioritizes regular updates to the CSF that incorporate evolving regulations and standards. So, what’s new in HITRUST CSF v9? What do organizations need to know when preparing for HITRUST CSF v9 Certification? Here is a summary of the changes in HITRUST CSF v9.

What is HITRUST?

In case you are not yet familiar with the HITRUST CSF, it’s important to understand who HITRUST is and what they have set out to accomplish for entities in the healthcare industry. HITRUST, a not-for-profit organization, was “born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.” HITRUST is also a leader in advocacy, awareness, and education relating to the protection of health information. The HITRUST CSF is a certifiable framework that gives organizations a comprehensive, flexible, scalable, and efficient approach to risk management and regulatory compliance.

What’s New in HITRUST CSF v9?

One thing to note is that the number of HITRUST CSF controls required for HITRUST CSF Certification has increased from 66 to 75 controls. This allows organizations to leverage one risk assessment to receive a standardized report against a common set of security and privacy controls for an “assess once, report many” approach.

One of the biggest updates to HITRUST CSF v9 is the incorporation of the NIST Cybersecurity Framework. Cyber threats are a major concern for organizations in the healthcare space, so with v9, a HITRUST CSF assessment will include all necessary controls to address NIST CSF requirements for cybersecurity.

The HITRUST CSF v9 release also incorporates the following:

  • Federal Financial Institutions Examination Council (FFIEC) Information Security Handbook – This addition makes it easier for financial organizations, specifically those providing their own health benefits, to make use of the HITRUST CSF Assessment report.
  • Federal Risk and Authorization Management Program (FedRAMP) – The addition of FedRAMP helps organizations reliant on cloud-based services to identify a common set of controls for both the provider and the consumer, and provide future guidance on the roles and responsibilities of each.
  • Department of Homeland Security (DHS) Critical Resilience Review (CRR) cybersecurity criteria – This addition helps to enhance cybersecurity assurances.
  • Office for Civil Rights’ (OCR) Audit Protocol v2 – As most organizations seeking HITRUST CSF Certification are also subject to HIPAA laws and regulations, this addition ensures that those organizations are prepared to demonstrate compliance with HIPAA laws.
  • 21 CFR Part 11 – This addition better supports organizations required to demonstrate FDA compliance.

Click here for more information on the HITRUST CSF and contact us for any questions regarding how to get started with your HITRUST CSF Certification process.