SERVICES

AuditOne LLP Service Offerings:

• AICPA SOC 1, SOC 2, SOC 3 Attestation Reports
• ISO/IEC 27001:2022 Stage 1, Stage 2, and Surveillance Reviews
• HIPAA, CCPA, GDPR Privacy Audits

AICPA Attestation Reports

SOC 1: Evaluates controls for:

Internal Controls Over Financial Reporting (ICFR).

• Type I: Assessment of control design.
• Type II: Assessment of design and operational effectiveness over time.

SOC 2: Evaluates controls for:

Security, Availability, Processing Integrity, Confidentiality, and Privacy (Trust Services Criteria).

• Type I: Control design review.
• Type II: Design and operational effectiveness review over time.

SOC 3: Public version of a SOC 2 audit.

• Includes a trust seal for marketing and assurance purposes.
• These services cater to financial, security, and public trust needs, aligning with stakeholder and regulatory expectations.

ISO/IEC 27001:2022 Reviews

Stage 1 Audit (Readiness Assessment):

• ISMS documentation review.
• Gap analysis and readiness evaluation.
• Recommendations for compliance improvement.

Stage 2 Audit (Certification Audit):

• Comprehensive ISMS implementation assessment.
• Control testing and compliance verification.
• Certification decision and corrective action guidance.

Surveillance Reviews (Annual Monitoring):

• Ongoing ISMS compliance and effectiveness checks.
• Review of updates, risk management, and continual improvement.
• Feedback for maintaining certification status.

Recertification Audit:

• Full reassessment of ISMS for certification renewal (every three years).

HIPAA, CCPA, GDPR Privacy Audits

We provide comprehensive privacy audit services tailored to HIPAA, CCPA/CPRA, and GDPR compliance. For HIPAA, we assess risks to electronic protected health information (ePHI), ensure Privacy and Security Rule compliance, review breach response policies, and verify Business Associate Agreements (BAAs). For CCPA/CPRA, we conduct data mapping, evaluate consumer rights mechanisms, review privacy notices, assess data security practices, and audit vendor management. For GDPR, we review Data Protection Impact Assessments (DPIAs), validate lawful processing bases, ensure compliance with data subject rights and cross-border data transfer mechanisms, and assess breach management processes.