Alleaves Receives SOC 1 Type II, SOC 2 Type II & HIPAA Attestations
by Laura Formby / March 5th, 2025
March 5, 2025 – Deerfield Beach, FL – Alleaves, a provider of ERP software solutions to the cannabis industry, today announced that it has completed its SOC 2 Type II audit, SOC 1 Type II audit and HIPAA audit, performed by KirkpatrickPrice. These attestations provide evidence that Alleaves has a strong
commitment to security and to delivering high-quality services to its clients by demonstrating that
they have the necessary internal controls and processes in place.
A SOC 2 audit provides an independent, third-party validation that a service organization’s
information security practices meet industry standards stipulated by the AICPA. During the audit, a
service organization’s non-financial reporting controls as they relate to security, availability,
processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered
by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Alleaves’
controls to meet the standards for these criteria.
A SOC 1 audit also provides an independent, third-party validation that a service organization’s
information security practices meet industry standards stipulated by the AICPA, but it also includes
SSAE 18. During the audit, a service organization’s controls that are relevant to ICFR are tested and
their design and operating effectiveness verified.
The Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for the
protection of consumers’ Protected Health Information (PHI) and electronic Protected Health
Information (ePHI) by mandating risk management best practices and physical, administrative, and
technical safeguards. HIPAA was established to provide greater transparency for individuals whose
information may be at risk, and the Department of Health and Human Services’ Office for Civil
Rights enforces compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
The goal of the HIPAA Security Rule is to create security for ePHI by ensuring the confidentiality,
integrity, and availability of ePHI, protecting against threats, protecting against unpermitted
disclosures, and ensuring workforce compliance. The independent testing performed by
KirkpatrickPrice confirms the controls implemented to protect ePHI are properly designed and
implemented.
“At Alleaves, we are committed to delivering technology that not only empowers operators but also
protects their businesses and their customers. Achieving these certifications reinforces our
dedication to security, compliance, and operational integrity—ensuring that our clients can focus on
growth and innovation with confidence.”
— Dr. Moe Afaneh, Chief Operating Officer of Alleaves
“Strong security and compliance aren’t just milestones—they’re a core part of how we build and
refine our technology. This audit was an opportunity to stress-test our systems, identify areas for
improvement, and reinforce the trust our clients place in us. We’re constantly evolving to stay ahead
of industry expectations, ensuring Alleaves remains a secure and reliable foundation for operators
to grow their businesses.”
— David Terrell, Chief Technology Officer of Alleaves
“We determined from our reviews that Alleaves has good technical controls in place in accordance
with multiple industry-accepted standards,” said Joseph Kirkpatrick, President of KirkpatrickPrice.
“As a result, their clients can be assured of their reliance on Alleaves’ controls. We admire their
commitment to providing trusted services and dedication to upholding industry best practices.”
About Alleaves:
Alleaves was founded with a knowledge of cannabis cultivation, manufacturing, and sale
embedded in the company’s culture. Its ultimate goal is to optimize the unique complexity of
the cannabis journey affecting its operator customers, with a top-of-the-line ERP platform,
focusing on the flexibility for customers to choose elements of its cohesive system designed
to improve cannabis operator business operations. For more information, please visit
Alleaves’ website at www.alleaves.com.
About KirkpatrickPrice:
KirkpatrickPrice is the leader in cyber security and compliance audit reports. Their experienced auditors know audits are hard, so they take complicated audits such as SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, GDPR, and ISO 27001 and make them worth it. The firm has issued over 20,000 reports to over 2,000 clients worldwide, giving its clients trusted results and the assurance they deserve. Using its Online Audit Manager, the world’s first compliance platform, KirkpatrickPrice partners its clients with an expert to guide them through the entire audit process, from audit readiness to final report. For more information, visit kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.
