Lock - Sentry Data Systems completes SOC 1, SOC 2 and SOC 3 audits

Sentry Data Systems completes SOC 1, SOC 2 and SOC 3 audits

Leading the way in 340B vendor security

DEERFIELD BEACH, FLSentry Data Systems, Inc., the 2014 KLAS Category Leader for 340B Management Solutions and provider of SaaS-based technology solutions that help healthcare providers manage costs, compliance and outcomes, recently completed Service Organization Control 1SM (SOC 1), Service Organization Control 2SM (SOC 2) and Service Organization Control 3SM (SOC 3) audits. The audits demonstrate that Sentry’s management maintained effective controls over various technology, security and privacy processes related to the SaaS-based SentinelTM and SentrexTM solutions for the time period of January 1, 2014 through December 31, 2014. Sentry’s SOC audit examinations were performed by the independent CPA firm, DaszkalBolton, LLP, based on the American Institute of Certified Public Accountants’ (AICPA’s) AT 801 audit compliance standards (formerly the SSAE 16) and the Trust Services Principles and Criteria for security, availability, processing integrity, confidentiality, and privacy.

“As a data company, we want our customers to know that we’re doing everything we can to earn and maintain their trust,” says Travis Leonardi, CEO and founder of Sentry Data Systems. “The SOC audits test our control processes to provide assurance that our technology is operating as intended, that our data is secure and that we’re in compliance with applicable laws and regulations.”

SOC reports include a description of the control environment and summarize the SOC audit results to help current and prospective customers evaluate the adequacy of Sentry’s control processes and to assist with customers’ internal and external auditing requirements. The three types of SOC audits and reports each address a unique subset of the AICPA’s AT 801 audit compliance standards and the Trust Services Principles:

  • The SOC 1 report provides assurance that Sentry’s control objectives are appropriately designed and that the controls safeguarding customer data and related financial reporting are operating effectively. The report’s use is restricted by the AICPA and is intended only for use by financial auditors.
  • The SOC 2 report expands the evaluation of Sentry’s controls to include an evaluation of the design and operating effectiveness of controls that meet the criteria set forth by the AICPA Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations like Sentry. Sentry’s SOC 2 report provides additional transparency into Sentry’s control processes relative to defined industry standards and further demonstrates Sentry’s commitment to protecting customer data. This report’s use is restricted by the AICPA, as well.
  • The SOC 3 report is a publicly-available summary of the Sentry SOC 2 report. The report includes the external auditor’s opinion of the operating effectiveness of controls (based on the AICPA’s Security Trust Principles included in the SOC 2 report), the assertion from Sentry’s management regarding the effectiveness of controls, and an overview of Sentry’s infrastructure and services. This is a great resource for customers that need to validate that Sentry has obtained external auditor assurance—without going through the process to request a SOC 2 report. Current and prospective customers interested in a copy of Sentry’s SOC 3 report can download it here.

To learn more about the different types of SOC reports and what each contains, visit the AICPA website.