CBOSS Meets SOC 1 Type II, SOC 2 Type II, and PCI Standards

by Sarah Harvey / February 22nd, 2019

Independent Audit Verifies CBOSS’s Internal Controls and Processes

Boardman, OH – CBOSS, a payment processor, today announced that it has received their SOC 1 Type II, SOC 2 Type II, and PCI DSS compliance reports. These reports provide evidence that CBOSS has a strong commitment to deliver high quality services to its clients by demonstrating they have the necessary internal controls and processes in place to deliver quality services to its clients.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of CBOSS’s controls that may affect its clients’ financial statements, non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, and controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards.

SOC 1 Type II is a reporting on the controls at a service organization that was established by the American Institute of Certified Public Accountants (AICPA). This report is in compliance with the SSAE 18 auditing standards and focuses on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. The SOC 1 Type II audit report includes CBOSS’s description of controls as well as the detailed testing of its controls over a minimum six-month period.

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of CBOSS’s controls to meet the standards for these criteria.

The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures.  These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card. In accordance with the PCI Security Standards Council, KirkpatrickPrice’s Qualified Security Assessors assisted CBOSS in becoming PCI compliant.

“Many of CBOSS’s clients rely on them to protect, process, and store consumer information,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “As a result, CBOSS has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by CBOSS.”

“CBOSS is committed to delivering robust, secure solutions for payment processing to all our customers,” stated Mike Lendvay, Security & Compliance Manager for CBOSS, Inc. “To that end, we strive to make security and reliability integral to every aspect of our operations. We appreciate the KirkpatrickPrice’s thoroughness and we are proud to have met or exceeded all the requirements they validated.”


The expertise of CBOSS’ specialists empowers all of its clients to focus on their core business, including industry segments such as services, manufacturing, non-profit sector and education.  Solutions include online payment processing, web applications and business process automation.  Since 1994 over 700 businesses and government agencies across the United States and Latin America have looked to CBOSS to deliver feature-rich services and solutions that are cost-effective, reliable and secure.  CBOSS is a validated PCI Compliant Level 1 Service Provider for the Payment Card Industry Data Security Standard (PCI-DSS), which provides the highest levels of security for e-commerce and other e-payment processing services.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 800 clients in more than 48 states, Canada, Asia, and Europe. The firm has more than a decade of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.