At Maxwell Locke & Ritter, our IT Security & Compliance practice specializes in providing customized risk management and regulatory compliance solutions that are specifically designed to meet the needs of your company, your customers, and your regulators. Our local team of Certified Public Accountants, Information Security Auditors, and IT Professionals have extensive experience across a diverse range of industries, regulations, and control frameworks. Our team of advisors are available to help your organization navigate today’s complex regulatory environment.
System and Organization Controls (SOC) reports were created to decrease the audit burden on service providers by establishing a standardized report that can be issued to end users. A SOC examination from a reputable firm can serve as a market differentiator for organizations seeking to appeal to a broad range of high value customers. SOC 1 reports, also known as SSAE 18 reports, are designed for organizations that provide services that impact their customers’ financial statements or internal controls over financial reporting. SOC 2 reports are more technical in nature and focus on one or more trust service principles – security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are relevant to service organizations that are relied upon for the operational needs of their customers or for protecting sensitive customer data. Learn more about SOC Examinations and which SOC report is right for your organization.
Internal Controls Assessments are performed by our local team of Certified Public Accountants and Information Security Auditors based on the internationally recognized COSO Framework. Assessments provide an avenue to identify risk areas and implement controls specifically designed to mitigate risks without being overly burdensome or time consuming. Our Internal Controls Assessments are tailored to each individual client based on industry, applicable regulations, company size, financial systems, and IT architecture. Internal Audit Outsourcing is offered for organizations that are required to comply with Sarbanes-Oxley (SOX). Our team can support an existing internal audit function including audit coordination, control testing, and documentation. SOX readiness evaluations, implementation, and support can also be provided for companies preparing for SOX compliance.
Our team of experts include IT Professionals with experience managing IT and Information Security, as well as Information Security Auditors with experience evaluating companies against internal control and security frameworks. This combination of expertise allows us to truly understand our clients and their security needs and create specific tactical recommendations designed to mitigate security risk based on current threats. With expertise in both cloud-supported environments and on-premise infrastructure, security analyses and recommendations are relevant and customized to your environment. Common security areas addressed include adequacy of cloud security configurations, firewall configuration, vendor security, and employee training.
Organizations that store or process health information or act as Business Associates are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of protected health information. During a HIPAA Security Assessment, our experienced team evaluates organizations against the HIPAA framework, creates a customized control framework, and identifies and prioritizes areas of noncompliance. Our goal is to help organizations be responsible stewards of personal health information and decrease the risk of fines and penalties resulting from regulatory audits or security breaches.
There are many compliance regulations and frameworks to choose from, each with different benefits and use cases. The NIST Cybersecurity Framework (CSF) is popular among U.S. based companies with cybersecurity concerns, while companies with international operations often select the internationally recognized ISO standards. Our readiness assessments can include an evaluation of your control environment against Payment Card Industry (PCI) or other common security frameworks, identification of control gaps and deficiencies, and assistance with remediation. Our team can also map your unique control list across control frameworks to eliminate duplicate and unnecessary controls, combine similar controls, and identify gaps across control frameworks.
For experienced assistance in these service areas, please contact us today to schedule a consultation. We look forward to helping you reach your security and compliance goals.