Third Party Attestation

System and Organization Controls (SOC) reporting helps companies increase trust with stakeholders by proactively assessing their internal controls and providing transparency into the effectiveness of their risk management approach. We help clients determine which SOC report is right for them to achieve their objectives. 

The patient-provider relationship is built on trust — trust that providers will offer appropriate medical care and keep patients’ protected health information (PHI) secure.  

The Health Information Trust Alliance (HITRUST) is the most widely adopted security framework in the U.S. healthcare industry. As one of the largest HITRUST Authorized CSF Assessor organizations, we help providers obtain HITRUST certification to build and support that trust by demonstrating their approach to safeguarding patient information. 

As organizations turn to more public-key infrastructure (PKI) and crypto-technologies to meet the newest web-browser and information security regulations, they also need to provide customers, users, and other stakeholders assurance they are meeting their obligations. 

Certification Authorities (CAs) play a crucial role in information security by being the trusted source of identity verification. We have in-depth knowledge of and experience in the CA industry and offer a Webtrust for CAs audit to ensure our clients are compliant with their Certificate Policy and Certification Practice Statements. Our practice leader serves as Chairman of the WebTrust/PKI Assurance Taskforce, the standard setter for PKI-related services and WebTrust attestation. 

From gaining an understanding of our clients’ environment, controls, and policies to WebTrust audits and auditing controls against established criteria, we provide value-added services at every step of the WebTrust process. 

ISO (International Organization for Standardization) is a global standard for companies with international clients. ISO is particularly relevant to organizations managing intellectual property, financial information and collecting or storing sensitive data. We help organizations maintain compliance across numerous ISO standards while navigating today’s complex, interconnected global marketplace. 

The ever-changing technology landscape may expose an organization to new security risks. Managing those risks can present significant challenges, especially for companies with constrained information security resources and/or limited experience with cloud-based technologies. Developed by the Cloud Security Alliance (CSA), CSA STAR addresses these cloud security risks and requirements. It includes options that companies can pursue based on their needs. 

• Level 1: Self-Assessment.
• Level 2: Third-Party Audit. This includes STAR Certification which is an expansion of ISO 27001 certification and STAR Attestation which is an expansion of SOC 2 reporting. 

Applicable to all suppliers who handle Microsoft personal or confidential data on the company’s behalf, Microsoft’s Supplier Security and Privacy Assurance (SSPA) initiative standardizes and strengthens the handling of sensitive information on a global scale. As a Microsoft Preferred Assessor, we help current and prospective Microsoft vendors meet SSPA program requirements as they seek to initiate or renew contracts. 

In 2026, organizations who conduct business with the U.S. Department of Defense will be required to attain a Cybersecurity Maturity Model Certification (CMMC) prior to receiving contract awards. We have extensive experience helping all types of government contractors achieve compliance with federal requirements and are prepared to help support our clients in achieving their CMMC goals through planning, readiness reviews, remediation and ongoing program management.