skip to main content



Sharing data and information with customers, business partners, and suppliers is the new normal in today’s business world. However, with the benefits of sharing comes a fair amount of risk. Although a company can shift accountability to service organizations, management is still accountable for ensuring appropriate controls are in place to protect an organization’s reputation.

Understanding the SOC for Supply Chain Report

Supply chains were pushed to their breaking point through the global COVID-19 pandemic, and geopolitical tensions, economic instability, and increasing cybersecurity concerns continue to threaten the global supply chain. As a result, supply chains are evolving and becoming more complex in an effort to prevent a situation similar to what we have seen from 2020-2022.

Understanding the fragility of our supply chain and its vulnerability to cyberattacks, the American Institute of Certified Public Accountants (AICPA) recognized the need for members of the supply chain to have a better understanding of controls in place within supply chains. In order to better understand the importance of supply chain controls, it’s crucial to understand the emerging trends that are reshaping the supply chain.

Learn More

Technology, Risk & Compliance Services

UHY’s professionals offer decades of experience and success in IT assurance and consulting.  Our team includes professionals with specialized technology skills and extensive IT controls knowledge. This depth of skills and experience, combined with our approach to risk and compliance, allows us to provide our clients with personalized solutions that address their needs. 

The most prevalent strategy for understanding and monitoring controls at a service provider is to request a third-party compliance report based on an appropriate security and technology framework. If your organization stores or processes client information, chances are you have had requests from your customers for a compliance report or security questionnaire.

UHY provides a full complement of assessment and compliance solutions to help you differentiate yourself in the marketplace.  Let us help you determine the right risk and compliance solution to set your company apart from competitors.

System and Organization Controls (SOC) Reports

What is a SOC report?

A SOC report is intended to provide customers and stakeholders with assurance regarding the effectiveness of an organization’s system of internal control. The report can be used in a variety of ways, including financial audits, risk management, corporate governance, contractual compliance, etc.


Which SOC Report is right for you?

Other Compliance Frameworks

Our team of Qualified Security Assessors can help you implement an effective approach to PCI-DSS (Payment Card Industry Data Security Standard) compliance.  PCI-DSS compliance is applicable to all entities that store, process and/or transmit cardholder data. UHY will help you demonstrate your organization's ability to protect cardholder data and all systems that interact with payment transactions.

UHY provides covered entities and business associates in the healthcare industry a full scope of HIPAA compliance services, including assessments to identify potential gaps in your compliance with HIPAA standards as well as attestations of compliance with applicable HIPAA/HITECH regulations.  Our services will help you secure personal health information and elevate your overall security posture.

This international standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and mitigation of information security risks. The criteria established in ISO/IEC 27001 are generic and are applicable to all organizations, regardless of type, size, or nature.  UHY can provide assessment services or attestation/compliance services related to the ISO/IEC 27001 standard.

The Trusted Information Security Assessment Exchange (TISAX) report is a standardized information security assessment for the automotive industry. The assessment covers information security, prototype protection and data protection for suppliers, OEMs, and partners that contribute to the automobile supply chain.

With privacy laws and regulations becoming more common in the United States and abroad, we have several assessments that will help you navigate the complexities of the legal requirements and technical controls while allowing you to demonstrate compliance to customers and stakeholders.

The NIST Cybersecurity Framework (CSF) is a set of guidelines and leading practices that can be used to prevent, detect, and respond to cyberattacks.  UHY will assist your organization in determining the maturity of compliance and safety within the NIST CSF. UHY can perform assessments to provide guidance on how to manage and reduce IT infrastructure security risk, or conduct an attestation of compliance with applicable elements of the NIST CSF.



Managing Director, UHY Advisors
Farmington Hills, Michigan


Managing Director, UHY Advisors


Principal, UHY LLP
Des Moines, Iowa


Principal, UHY LLP


Managing Director, UHY Advisors
St. Louis, Missouri


Managing Director, UHY Advisors


Cloud Security Assessment

Business is moving at an unprecedented pace, and you need all the advantages to keep up. Misconfigurations could put sensitive data and even your business at risk.  Our cloud security team can detect and identify these risks before they are exploited to ensure your cloud environments stay secure.


Get in Touch

Vulnerability Assessment

Understand and address your weaknesses before a hacker exploits them. We conduct network assessments, testing your internal, external and wireless networks from the perspective of an attacker in a controlled and orderly fashion. We use the same tactics, techniques, and procedures as the cyber criminals to help validate how likely you are to be compromised.

Get in Touch

IT Audit

Our IT audit team is focused on helping our clients evaluate if existing controls protect corporate assets and ensure data integrity. We evaluate IT general controls, system applications, and integrate information technology throughout the audit process to help reduce risk.

Get in Touch
Hide Firm Disclaimer


UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc., and its subsidiary entities. UHY Advisors, Inc.’s subsidiaries, including UHY Consulting, Inc., provide tax and business consulting services through wholly owned subsidiary entities that operate under the name of “UHY Advisors” and “UHY Consulting”. UHY Advisors, Inc., and its subsidiary entities are not licensed CPA firms. UHY LLP, UHY Advisors, Inc. and UHY Consulting are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. “UHY” is the brand name for the UHY international network. Any services described herein are provided by UHY LLP, UHY Advisors and/or UHY Consulting (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.

On this website, (i) the term "our firm", "we" and terms of similar import, denote the alternative practice structure conducted by UHY LLP and UHY Advisors, Inc. and its subsidiary entities, and (ii) the term "UHYI" denotes the UHY international network, in each case as more fully described in the preceding paragraph.