Attestations & Certifications
CyberGuard Compliance, LLP provides Attestation & Certification services, including SOC Audits, HITRUST Certifications, ISO 27001 Reports, CSA Star Attestations, and various other IT Attestations.
Our team can work with you for your unique SOC Audit needs, including SOC 1, SOC 2, SOC 2 + CSA STAR, SOC 2 + HITRUST, and SOC 3.
SOC 1 audit reports will be prepared in accordance with the Statement on Standards for Attestation Engagements. SOC 1 reports primarily focus on business process and IT general computer controls that may impact internal control over financial reporting.
Whereas SOC 1 audits cover internal controls over financial reporting, SOC 2 audits focus on controls at a service organization relevant to five Trust Services Principles and Criteria. These AICPA Principles include Security, Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 2 + CSA STAR
The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the STAR Registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.
SOC 2 + HITRUST
Many companies that perform a SOC 2 audit also choose to perform the SOC 3 audit. This is due to the vast overlap between the scope of the two documents and the cost-effective nature of adding the SOC 3 while performing the SOC 2. SOC 3 Reports are general use reports. This is important, as the report can provide comfort to your company’s many key stakeholders, including customers, business partners, creditors, bankers, regulators, and others who may rely on e-commerce and information technology systems.
The HITRUST Common Security Framework (CSF) is a comprehensive security framework used by Healthcare Organizations and their business associates to effectively and efficiently approach regulatory Compliance and Risk Management needs.
HITRUST unifies recognized standards and regulatory requirements from NIST, HIPAA/HITECH, ISO 27001, PCI DSS, FTC, COBIT, CSA Cloud Controls, and various state-specific regulations. HITRUST CSF normalizes compliance requirements and provides clarity and consistency lacking in many standards and regulations, making it the most widely adopted IT Security framework in the U.S. Healthcare Industry.
Obtaining a HITRUST Certification will demonstrate that your company has the required safeguards in place to protect ePHI.
Find CyberGuard Compliance as an approved External Assessor through HITRUST Alliance here.
ISO 27001 Reporting
For companies who have both US-based clients and international clients, compliance may seem like a cumbersome task. Whereas SOC Audits meet the needs of US-based clients, international clients are increasingly asking for ISO 27001 Reports. The ISO 27001 Standard was developed to provide a consistent model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
The ISO 27001 Standard adopts the “Plan-Do-Check-Act” Model (PDCA), which is applied to structure all ISMS processes. Our team at CyberGuard Compliance will work closely and collaboratively with your team to determine which sections of the ISO 27001 Standard apply to your operations.
CSA STAR Attestations
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the STAR Registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.
You can find CyberGuard Compliance, LLC in the CSA STAR Registry here.
Other IT Attestations
We can work with you on a variety of other IT Attestation needs, including HIPAA, GDPR, CCPA, and Agreed Upon Procedures (AUP). Contact CyberGuard Compliance today.