
Cyber Health Check: Outsourced Services

If you outsource services such as payroll processing, loan servicing, data center/co-location/IT Managed Services, Software as a Service (SaaS), or medical claims processing, you rely on the service provider to keep your data secure and to maintain confidentiality, integrity of processing, availability of services or systems, and/or privacy. However, AAFCPAs reminds clients that outsourcing may expose their organizations to risk, and underscores the need for effective vendor due diligence.

AAFCPAs’ IT Security Specialists designed a short 2-minute quiz to help clients assess the security of the services they outsource. Clients are encouraged to use this resource in discussions with their IT services group.

Take AAFCPAs’ Outsourced Services Quiz:

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis Kontoglis
Vassilis is a highly skilled IT professional with proven expertise in business process improvement and change management, information systems gap analyses, cyber security and IT risk assessments, systems selection and implementation, IT auditing, and special attestation reporting (SSAE 18 and SOC 2). Vassilis performs comprehensive and thorough reviews of technology systems and environments, and advises clients on how to use technology to best achieve business goals and objectives. He elicits input from stakeholders at all levels of the organizational hierarchy in order to thoroughly evaluate business performance across functional boundaries. He analyzes current and potential business and IT processes to identify clear opportunities for improvement, which may include streamlining and automation, productivity increases, strategic alignment and cost reductions.