CompuMail Achieves Multiple Compliance Achievements

by Sarah Harvey / February 5th, 2019

CompuMail Receives SOC 1 Type II and SOC 2 Type II Attestations, PCI Compliance, HIPAA Security Rule Compliance, and FISMA Compliance

Concord, CA ‚Äď CompuMail, a direct mail company, today announced that it has completed its SOC 1 Type II, SOC 2 Type II, PCI, HIPAA, and FISMA audits. Compliance with these standards verifies that CompuMail has the proper internal controls and processes in place to deliver high quality services to its clients.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of CompuMail’s controls. SOC 1 Type I is a reporting on the controls at a service organization that was established by the American Institute of Certified Public Accountants (AICPA). This report is in compliance with the SSAE 18 auditing standards and focuses on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. The SOC 1 Type I audit report includes CompuMail’s description of controls as well as the detailed testing of its controls at a specific point in time.

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of CompuMail’s controls to meet the standards for these criteria.

The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures.  These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card. In accordance with the PCI Security Standards Council, KirkpatrickPrice‚Äôs Qualified Security Assessors tested CompuMail‚Äôs controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards and assisted CompuMail in becoming PCI compliant.

The Health Insurance Portability and Accountability (HIPAA) Security Rule is a national standard set for the protection of consumers’ Electronic Protected Health Information (ePHI). The ePHI that an organization manages must be protected from anticipate breaches by mandating a Risk Assessment and implementing appropriate Physical, Administrative, and Technical Safeguards. HIPAA laws are regulated by the Office for Civil Rights (OCR) and are meant to protect unauthorized use and disclosure of ePHI.

The Federal Information Security Management Act (FISMA) is a United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. CompuMail’s FISMA audit was based on the National Institute of Standards and Technology (NIST) Special Publications 800 171 rev. 1 and 800-53 rev. 4.

Stephanie Kaster, EVP and Chief Sales Officer at CompuMail, stated, ‚ÄúCompuMail understands how critical privacy, security, and reliability are to both our business and that of our clients. We recognize that data is one of the most valuable assets we have these days, which is why we’ve established strong quality management practices to protect and maintain data integrity while hosting and processing our clients‚Äô data. Safeguarding data and ensuring compliance with the highest industry standards is of utmost importance to us and we demonstrate this by continuously adding to our list of externally validated certifications.‚ÄĚ

‚ÄúMany of CompuMail‚Äôs clients rely on them to protect sensitive consumer information‚ÄĚ said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. ‚ÄúAs a result, CompuMail has implemented best practice and industry-accepted controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the direct mail solutions and services provided by CompuMail.‚ÄĚ

About CompuMail

CompuMail cultivates partnerships with our clients to ensure that they receive the best results, under the highest level of data security, at the most competitive price.  We provide mailing and communication services, with a real-time portal to meet your management and oversight needs.  Technology changes, business changes, but our commitment to service doesn‚Äôt.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 800 clients in more than 48 states, Canada, Asia, and Europe. The firm has more than a decade of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.