Services and Security

NYRC provides optimal quality assessment services through our network of healthcare professionals.  Clinical and physical accountability for the outcomes of the service provided, and the overall status of our community, is paramount to NYRC. Our vision is to be recognized as the “gold standard” with respect to the provision of independent assessment services.

AT 101 SOC 2 Audit and Trust Service Principles

NYRC completed the AT 101 SOC 2 Type 2 Audit which was conducted by a certified third-party auditor. The audit, based on updated standards developed by the American Institute of Certified Public Accountants, is intended for reports on controls at a service organization that are likely to be relevant to clients’ internal controls over non-financial reporting. An engagement and subsequent report performed under this standard is known as a Service Organization Controls (SOC) 2 Report. SOC 2 is appropriate for organizations that provide services to another organization.

The AT 101 SOC 2 Type 2 audit is performed in accordance the Trust Services Principles, testing and reporting on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls. The SOC 2 report focuses on a business reporting controls as they relate to security, availability, processing, confidentiality, and privacy of a system.

The Trust Service Principles focus on four areas: policies, communications, procedures and monitoring. Each of the principles has defined criteria controls that must be met to demonstrate adherence to the principles.

NYRC provides independent medical examination and review services to its clients that involve securing data, managing records and processing referrals to perform these services. NYRC’s services are provided through a private virtual cloud-computing network. NYRC also manages its data centre instead of outsourcing the critical IT function to a third party. With these operating attributes, the SOC 2 audit standard is the most appropriate to evaluate the security and integrity of the network and data centre process controls.