Moonlight BPO Completes SOC 1 Type II, SOC 2 Type II, HIPAA, and PCI Audits

by Sarah Harvey / April 10th, 2017

Independent Audit Verifies Moonlight BPO’s Internal Controls and Processes, HIPAA Security Rule Compliance, and PCI Compliance

Bend, OR – April 2017 – Moonlight BPO, a business process outsourcing company, today announced that it has completed its SOC 1 Type II, SOC 2 Type II, HIPAA, and PCI audits. These attestations verify that Moonlight BPO has the proper internal controls and processes in place to deliver high-quality services and a compliant information security control structure.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of Moonlight BPO’s controls that may affect its clients’ financial statements. In accordance with SSAE 16 (Statements on Standards for Attestation Engagements), the SOC 1 Type II audit report includes Moonlight BPO’s description of controls as well as the detailed testing of its controls over a minimum six-month period.

SOC 2 engagements are based on the AICPA’s Trust Services Principles. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Moonlight BPO’s controls to meet the criteria for these principles.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is a national standard set for the protection of consumers’ Electronic Protected Health Information (ePHI). The ePHI that an organization manages must be protected from anticipated breaches; the rule mandates a Risk Assessment and the implementation of appropriate Physical, Administrative, and Technical Safeguards. HIPAA laws are regulated by the Office for Civil Rights (OCR) and are meant to protect against unauthorized use and disclosure of ePHI. “We determined from our review that Moonlight BPO has good technical controls in place in accordance with industry-accepted standards, and appropriate physical and environmental controls and is in compliance with all HIPAA Security Rule standards,” said Joseph Kirkpatrick, Managing Partner at KirkpatrickPrice. KirkpatrickPrice’s independent audit determined that all access controls to ePHI stored on Moonlight BPO systems are in compliance with HIPAA requirements.

The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures.  These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card.

“Moonlight BPO has always tried to look ahead of our competition and do things differently.  We stay ahead of the game with cutting edge software and equipment.  For more than 10 years Moonlight BPO has invested heavily to remain in compliance with these key security standards long before many of our competitors, ensuring the security of our customer’s data.” – Brenda Grigsby, Owner Moonlight BPO

“Many of Moonlight BPO’s clients rely on them to protect consumer information,” said Kirkpatrick. “As a result, Moonlight BPO has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by Moonlight BPO.”

SOC 1 Type II is a report on the controls at a service organization, established by the American Institute of Certified Public Accountants (AICPA). This report is in compliance with the SSAE 16 auditing standards, which focus on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. Federal regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Act (HIPAA) require corporations to audit the internal controls of their suppliers, including those that provide technology services.

About Moonlight BPO

Moonlight BPO is a high-security outsource vendor for printing, mailing and document management. We have been serving our customers’ needs since 1985. We have over 100 customers from the municipal/government, medical, financial, gaming/hospitality and other private/non-profit industries. Our headquarters are located in Bend, Oregon, with all work performed in-house.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm providing assurance services to over 550 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SSAE 16, SOC 2, HIPAA, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.