Technology, Risk & Compliance Services
UHY’s professionals offer decades of experience and success in IT assurance and consulting. Our team includes professionals with specialized technology skills and extensive IT controls knowledge. This depth of skills and experience, combined with our approach to risk and compliance, allows us to provide our clients with personalized solutions that address their needs.
The most prevalent strategy for understanding and monitoring controls at a service provider is to request a third-party compliance report based on an appropriate security and technology framework. If your organization stores or processes client information, chances are you have had requests from your customers for a compliance report or security questionnaire.
UHY provides a full complement of assessment and compliance solutions to help you differentiate yourself in the marketplace. Let us help you determine the right risk and compliance solution to set your company apart from competitors.
SOC 1®
The SOC 1® is a report that evaluates the controls of the service organization that are relevant to the user organization’s internal controls over financial reporting. This report is most applicable to third party organizations that initiate, process, transmit, record, and report transactions, such as third-party administrators (TPA), payroll processors, claims processors, and loan servicing companies.
Other Compliance Frameworks
PCI
Our team of Qualified Security Assessors can help you implement an effective approach to PCI-DSS (Payment Card Industry Data Security Standard) compliance. PCI-DSS compliance is applicable to all entities that store, process and/or transmit cardholder data. UHY will help you demonstrate your organization's ability to protect cardholder data and all systems that interact with payment transactions.
UHY provides covered entities and business associates in the healthcare industry a full scope of HIPAA compliance services, including assessments to identify potential gaps in your compliance with HIPAA standards as well as attestations of compliance with applicable HIPAA/HITECH regulations. Our services will help you secure personal health information and elevate your overall security posture.
This international standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and mitigation of information security risks. The criteria established in ISO/IEC 27001 are generic and are applicable to all organizations, regardless of type, size, or nature. UHY can provide assessment services or attestation/compliance services related to the ISO/IEC 27001 standard.
The Trusted Information Security Assessment Exchange (TISAX) report is a standardized information security assessment for the automotive industry. The assessment covers information security, prototype protection and data protection for suppliers, OEMs, and partners that contribute to the automobile supply chain.
With privacy laws and regulations becoming more common in the United States and abroad, we have several assessments that will help you navigate the complexities of the legal requirements and technical controls while allowing you to demonstrate compliance to customers and stakeholders.
The NIST Cybersecurity Framework (CSF) is a set of guidelines and leading practices that can be used to prevent, detect, and respond to cyberattacks. UHY will assist your organization in determining the maturity of compliance and safety within the NIST CSF. UHY can perform assessments to provide guidance on how to manage and reduce IT infrastructure security risk, or conduct an attestation of compliance with applicable elements of the NIST CSF.
