SOC 1

A SOC 1 Report (System and Organization Controls Report) is a report on controls at a service organization which are relevant to user entities’ internal control over financial reporting. The service organization (with the assistance of the auditors) determines what the key control objectives are for the services they provide to their clients. Control objectives are related to both information technology processes and business processes at the service organization.

Organization Examined:

  • Rillion Inc – Service Rillion Prime US

SOC 2

A SOC 2 report also falls under the SSAE 18 standard, though it is specifically addressed in sections AT-C 105 and AT-C 205. The SOC 2 report covers a service organization’s controls, as outlined by the AICPA’s Trust Services Criteria (TSC), that are relevant to its services, operations, and compliance. There are five available criteria: security, availability, processing integrity, confidentiality, and privacy.

Service Organizations Examined:

  • Rillion Inc – Service Rillion Prime US
  • Rillion AB – Service Rillion Prime EMEA

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place, and follow them, to ensure HIPAA compliance.

Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must be HIPAA compliant. Other entities, such as subcontractors and any other related business associates, must also be in compliance.

GDPR

GDPR is a set of rules that protect individuals’ privacy. The legislation regulates the processing of EU residents’ and citizens’ personal data, including collection, use, transfer, monitoring, tracking, and even viewing of personal data. It went into effect on May 25, 2018. Data subjects, as individuals are called in GDPR, have more rights to control their data. All Rillion entities comply with GDPR.

CCPA

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This law secures privacy rights for California consumers. All Rillion entities comply with CCPA.

Interesting Readings