Corodata’s Compliance Achievements

At Corodata, we strive for the highest levels of certification in compliance, meeting and exceeding legal requirements. We consistently improve our services based on the highest industry standards to create more efficiency for our clients. As a result, using Corodata will keep your own company in compliance with industry standards.

KirkpatrickPrice

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audits and appropriate testing of Corodata’s controls to deem us SOC 1 Type II and HIPAA compliant. KirkpatrickPrice provides assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.

HIPAA

The Health Insurance Portability & Accountability Act (HIPAA) sets security standards on medical information. We follow specific protocols set by HIPAA to provide excellent protection for our clients’ information. Our employees go through additional rigorous HIPAA training annually to stay up to date on new laws and security protocols, so they can perform to the utmost of their abilities. This knowledge and training help our employees uphold our standards for compliance and safety of client information.

SSAE 18

SOC 1 attestations verify that companies have the proper internal controls and processes in place to deliver high-quality services to their clients. A Service Organization Control 1 (SOC 1) engagement is an audit of the internal controls (policies, procedures, and technology) which a service provider has implemented to protect client data. SOC 1 engagements are primarily designed to report on the controls of Service Organizations that are relevant to their clients’ financial statements and evaluate the productivity of those controls. SOC engagements were established by the American Institute of Certified Public Accountants (AICPA). Federal regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Act (HIPAA) require corporations to audit the internal controls of their suppliers, including those that provide technology services.

Six Sigma

Six Sigma is a management philosophy that emphasizes our percent failure/success to show the areas we need to improve on. We utilize Pivotal Resources to maximize security and productivity in a continued mindset that improves our service to clients. This methodology is a best practice used by Fortune 500 companies to emphasize continuous improvement and a culture of quality.

NAID

National Association for Information Destruction

NAID, the standard-setting body for the information destruction industry, verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. Corodata has been awarded NAID certification for plant-based and mobile document destruction, as well as hard drive and electronic media destruction.

PCI DSS

PCI DSS ensures we keep your payment card information safe with a security process that prevents and detects security incidents. Corodata takes all the precautions, so you never have to worry about card breaches.

Internal Inspections

In addition to regular third-party audits and inspections, Corodata conducts internal monthly audits to remain current on evolving industry and regulatory trends. All locations go through the same rigorous inspections focusing on safety and security of vehicles, facilities, and staff. Each facility is given a checklist at the end of audits with suggestions, comments, and improvements to guarantee we are achieving the highest level of security and compliance. As new trends and requirements emerge within the information governance industry, our internal audits are modified to remain up to date on new requirements and expectations.