Eventus Solutions Group Successfully Passes SOC 2 Type II Audit
DENVER, CO – Eventus Solutions Group today announced receipt of its Service Organization Control (SOC) 2 Type II attestation engagement report. This report provides independent validation that Eventus’s internal security, availability and confidentiality controls operated in accordance with the American Institute of Certified Public Accountant (AICPA) applicable Trust Services Principles and Criteria (TSPC).
Conducted by CompliancePoint, a PCI Security Standard Council qualified security assessor company, the examination conducted a thorough review of Eventus’s policies and practices in three areas:
- Security – ensuring the system is protected against unauthorized access (both physical and logical)
- Availability – indicating system is available for operation and use as committed or agreed
- Confidentiality – ensuring information designated as confidential is protected as committed or agreed
The TSPC for Security, Availability and Confidentiality are organized into four broad areas: Policies, Communications, Procedures and Monitoring. CompliancePoint assessed Eventus’s conformity with each criterion across these four areas.
The AICPA created the SOC guidelines as an enhancement over the SAS 70 compliance standard. SOC 2 provides an authoritative benchmark for service organizations to demonstrate implementation of proper control procedures and practices. Type II reports include detailed testing of the operational effectiveness of the described systems’ security controls. The AICPA issued the most recent version of TSPC, the basis for SOC compliance, in 2014.
“SOC 2 compliance has become a requirement for some of the world’s largest companies as they are acquiring management consulting, system integration and managed services offerings,” said John Smiley, Eventus Chief Information Officer. “SOC 2 Type II certification gives our clients confidence that Eventus complies with their internal security policies and standards.”
When Congress passed the Affordable Health Care act in 2010, this state knew that it had to create an effective platform for connecting its uninsured population with the most appropriate state-covered and private health insurance providers. The state turned to Eventus to implement contact centers that could handle high volumes and deliver a stress-free customer experience.
Eventus puts this state health plan on the road to a more efficient and cost-effective technology portfolio. Through a current state assessment and roadmap, Eventus identified and implemented $35 million in net cost savings over a three-year study period.