AT 101 SOC 2sm Audit and Trust Service Principles

NYRC completed the AT 101 SOC 2sm Type 2 Audit which was conducted by a certified third-party auditor. The audit, based on updated standards developed by the American Institute of Certified Public Accountants, is intended for reports on controls at a service organization that are likely to be relevant to clients’ internal controls over non-financial reporting. An engagement and subsequent report performed under this standard is known as a Service Organization Controls (SOC) 2 Report. SOC 2sm is appropriate for organizations that provide services to another organization.

The AT 101 SOC 2sm Type 2 audit is performed in accordance the Trust Services Principles, testing and reporting on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls. The SOC 2sm report focuses on a business reporting controls as they relate to security and availability of a system.

The Trust Service Principles focus on four areas: policies, communications, procedures and monitoring. Each of the principles has defined criteria controls that must be met to demonstrate adherence to the principles.

NYRC provides independent medical examination and review services to its clients that involve securing data, managing records and processing referrals to perform these services. NYRC’s services are provided through a private virtual cloud-computing network. NYRC also manages its data centre instead of outsourcing the critical IT function to a third party. With these operating attributes, the SOC 2sm audit standard is the most appropriate to evaluate the security and integrity of the network and data centre process controls.