System & Organization Controls (SOC)

System and Organization Controls (SOC) reports are a widely accepted platform for organizations to demonstrate the design and effectiveness of their system of internal controls.

SOC reports are issued under Statements on Standards for Attestation Engagements 18 as published by the American Institute of Certified Public Accountants (AICPA), and are commonly referred to as SSAE 18 examinations.



The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the additional provisions within the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 consist of a series of regulatory standards pertaining to the safeguarding of protected health information (PHI). Organizations that must be HIPAA compliant are classified by the regulation as either Covered Entities or Business Associates. The requirements of HIPAA are organized into three rules: Privacy Rule, Security Rule, and Breach Notification Rule.

An independent assessment can give your customers, regulators, and stakeholders confidence in your organization’s compliance with one or all three of the HIPAA rules.



The Drug Enforcement Administration (DEA) regulates the electronic prescription of controlled substances and in 2010 issued its final rule within Title 21 of the Code of Federal Regulations Part 1311. This rule requires that electronic prescription and pharmacy management applications demonstrate compliance with the technical standards set forth in 21 CFR Part 1311 via a third-party audit at each of the following:

1. Before the application may be used to create, sign, transmit, or process controlled substance prescriptions
2. Whenever functionality related to controlled substance prescription requirements is altered or every two years, whichever occurs first

AssurancePoint offers a comprehensive third-party audit and reporting program. We aim to educate and assist our clients in navigating the complexities of the DEA regulation and provide a quality report on compliance. We are a registered CPA firm, and our EPCS compliance reports are signed by a designated Certified Information Systems Auditor meeting the competency requirements set forth by federal regulations.


Our Examination Process

A defined and tested process to streamline your examination, empower you with information, and deliver quality.



Readiness Assessment:

  • Detailed control mapping
  • Identification of gaps
  • Actionable recommendations by AssurancePoint

All detailed in a readiness report delivered by AssurancePoint. Free for new clients.



Remediation & Planning For Initial Assessment:

  • Client remediation of identified gaps with AssurancePoint guidance
  • Distribution of information request
  • Examination kickoff meeting and distribution of project calendar


Examination Fieldwork:

  • AssurancePoint examination of evidentiary documentation
  • Procedure walkthroughs
  • Regular project status communication
  • Fieldwork closing meeting


Review Of Draft Report And Issuance Of Final Report:

  • Issue draft examination report for client review
  • Upon client approval, issue a final examination report
  • Project setup for subsequent examination



Introduction to the SOC for Cybersecurity

The rise and institutionalization of cyber-attacks and data breaches within the corporate landscape has justifiably…

February 7, 2023

What is a SOC 2 – Overview, Who Needs One, and How to Obtain a Report

We often find our new clients in a familiar position – An existing or potential…

February 7, 2023