Skip to main content

SOC & HITRUST Solutions

Move forward in confidence with SOC reports and HITRUST assessments.
Shot of colleagues shaking hands in a meeting

Strong experience working across sectors serving organizations of all sizes, from global firms to middle-market companies


One of the only nationally dedicated SOC and HITRUST practices, with team members exclusively working on these engagements


A truly national presence within the United States, with team members physically located from coast to coast

Showcase a robust control environment to users by issuing SOC reports and HITRUST assessments.

The ability to respond to clients’ requests efficiently and effectively regarding controls in place when services are provided has become paramount in today’s environment. Users expect assurances in today's outsourced, remote business environment. Boilerplate reports are no longer acceptable given the risks associated with third-party risk management. Our team of passionate people brings the knowledge and skills you need to help solve today's challenges.

Our dedicated team of experienced advisors has helped service organizations drive their business forward, refine their processes, enhance controls, and address various types of third-party assurance requests for decades. Forvis Mazars has a nationally dedicated SOC and HITRUST practice, with team members dedicated to serving clients throughout the U.S. We work with various industries, including technology, healthcare, insurance, financial services, supply chain logistics, REIT and property management, and others.

From preparing for a first System and Organization Controls (SOC) report or HITRUST assessment to having concerns about your existing information security program, Forvis Mazars is here to help you move with momentum. We’ll listen to understand, be responsive, and consult with a purpose—that’s our Unmatched Client Experience®.

How Forvis Mazars Can Help

SOC Services

Help assess and report on the design and operating effectiveness of internal controls.

SOC reporting has become the most widely accepted report on controls at subservice organizations, providing a value proposition that differentiates your organization from your competition.

We provide the following SOC examinations to help organizations assess and report on the design and operating effectiveness of their internal controls:

  • SOC Readiness Assessments
  • SOC 1, Type 1
  • SOC 1, Type 2
  • SOC 2, Type 1
  • SOC 2, Type 2
  • SOC 3
  • SOC for Cybersecurity
  • SOC for Supply Chain

Performing a SOC examination of a third-party service provider can help:

  • Deliver service providers' users with information on the internal control environment, including the operating effectiveness of controls affecting the users’ internal controls over financial reporting
  • Address a service provider’s users’ need to understand the internal controls at the service provider related to security, availability, processing integrity, confidentiality, and/or privacy
  • Aid the service provider’s users’ financial statement auditors to determine reliance on controls in place at the service provider
  • Eliminate the need for multiple customers to perform onsite audits
  • Satisfy a requirement by many companies that an audit of internal controls be in place at their service provider
  • Indicate to potential customers a service provider’s commitment to internal controls and transaction processing integrity
  • Identify improvement opportunities in operational areas at the service provider
  • Provide an additional marketing opportunity and competitive advantage over other service providers

HITRUST Services

Many clients serving the healthcare industry are required by partners, consumers, and other businesses to prove the security around the Protected Health Information (PHI) they receive, store, and use.

In healthcare, HITRUST is the best-in-class certification to highlight an organization’s strategic focus on information security and privacy.

Forvis Mazars offers various HITRUST services to help meet your organization’s needs:

  • HITRUST Essentials, 1-year (e1) Assessment: This assessment focuses on entry-level assurance for the most critical cybersecurity controls and verifies that cybersecurity protocols are in place.
  • HITRUST Implemented, 1-year (i1) Assessment: This assessment offers a moderate level of cybersecurity assurance focusing on the most current practices and broad-range active cyber threats compared to the e1 assessment.
  • HITRUST Readiness Assessment: This assessment helps evaluate how closely an organization’s control environment aligns with the HITRUST CSF. We provide Readiness Assessments to support i1 and r2 assessments. Our HITRUST Readiness Assessment Services help management identify the appropriate HITRUST assessment for the business and prepare the company for its HITRUST validation. Our team can provide training, education, samples, and guidance to help management understand the basis of the HITRUST report and the expectations when moving into the actual assessment work.
  • HITRUST Risk-Based, 2-year (r2) Assessment: This assessment results in two reports: the HITRUST CSF Validated Assessment Report and the NIST Cybersecurity Framework Report.

A letter of either validation or certification is also issued, based on the assessment’s scoring.

  • HITRUST Interim Assessment: This assessment is required to maintain certified reports and must be submitted no later than the one-year anniversary of the original certification.

HITRUST provides industry standardization to evaluate healthcare organizations and the security of their PHI.

HITRUST implementations can be challenging. Our assessors work closely with you to define a project plan divided into three critical phases: readiness, implementation, and reporting. Establishing a detailed project plan successfully assists organizations in efficiently meeting their compliance objectives.

By dividing the project into manageable phases, stakeholders can address the task at hand while also focusing on and maintaining daily operations. Touchpoints and communication throughout the process give opportunities for stakeholders and our professionals to make sure the project is moving along smoothly.

Related FORsights

Like what you see?
Subscribe to receive tailored insights directly to your inbox.

Explore More

A man and a woman having a discussion at their desks in a sunny office.
Financial Services
Accounting, tax, audit, & consulting services for the banking industry.
A smiling physician speaking with her senior patient.
Assurance, audit, tax, & consulting solutions for the healthcare industry.
Technology & Services
Assurance, consulting, and tax services for the technology, media, and telecommunications (TMT) sector and related industries.
Text bubbles with Forvis logo
Convenient locations to serve your needs.
Find a Location Near You
People discussing at a desk
Explore Your Passion Working at Forvis Mazars

Let's Get Started

Connect to experienced guidance.

How Can We Help You Today?
Wherever you are on your journey, we can help drive your business forward.
Subscribe to FORsights
Get tailored insights and resources.