HIPAA Record Retention Requirements: How Long Should We Retain ePHI Data?

By Rob Pierce on August 2, 2017August 2, 2017

One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.

Advantages of Investing in a SOC 2 Report

By Rob Pierce on December 4, 2015January 11, 2017

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.

Which SOC Report is Right for your Organization?

By Nicole Hemmer on July 14, 2015May 10, 2017

Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].

SOC 3 Reports: When do they make sense?

By Rob Pierce on June 2, 2015May 10, 2017

Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.

The Security of Health Insurance Exchanges – “MARS-E”

By Kerry Shackelford on April 7, 2015April 7, 2015

Under the Patient Protection and Affordable Care Act (the “ACA”), health insurance marketplaces have been set up to facilitate the purchase of health insurance in each state.

SOC 2 Common Criteria vs. Old TSPs

By Rob Pierce on March 25, 2015March 24, 2015

On December 15, 2014, the new SOC 2 Common Criteria took effect. What does that mean for your SOC 2 audit?

SOC Reporting History and Fundamentals

By Ben Montgomery on March 11, 2015May 10, 2017

The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.

Signs You Should be Receiving a SOC Report/Examination

By Nicole Hemmer on February 26, 2015May 10, 2017

A SOC (Service Organization Control) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.

Update in Riley vs. California Cell Phone Privacy Case

By Rob Pierce on July 16, 2014July 16, 2014

In our last newsletter we outlined some of the ongoing privacy litigation that was underway and specifically cited the Riley vs. California case that was still being decided by the U.S. Supreme Court.

Updated Trust Services Principles for SOC 2 Reports

By Newel Linford on June 19, 2014June 20, 2014

The Trust Services Principles and Criteria (TSP Section 100) has been updated for SOC 2 reports.