• +1 866 576 4414
  • info@AARC-360.com
  • 8000 Avalon Boulevard, Suite 100 Alpharetta, GA 30009
Our Services


At AARC-360 our Assurance services are designed to provide an independent professional opinion on your compliance with AICPA defined security frameworks, so that your customers, stakeholders and investors can make more informed and better decisions related to your compliance with industry defined security frameworks.  Our SSAE 18 / SOC 1, SOC 2, SOC 3, PCI DSS and HITRUST assurance services provide an independent and professional opinion on your compliance with security standards that will help reduce the risk associated with the services you provide.

Under an assurance engagement (SSAE 18 / SOC 1, SOC 2, SOC 3, PCI DSS or HITRUST ), we address a variety of services ranging from information systems security reviews to accounts payable processing to customer satisfaction surveys. Assurance services can test financial and non-financial information. Our services while highly structured, can be customized and implemented depending on the size and complexity of our clients’ operations.
*It should be noted that the SSAE 16 standard was superseded by the now applicable SSAE 18 standard.

Select an Assurance Solution

Service organizations such as payroll providers, collection agencies, or managed services providers whose services/controls directly or indirectly impact the accuracy of their clients’ financial statements, are required to provide independent assurance to their clients with respect to the effectiveness of the design and operations of such services/controls.   Our SSAE 18 / SOC 1 examination services are intended for such service organizations (user entities) and their auditors that audit the financial statements (user auditors).
Service Organizations such as data center hosting providers, medical records management providers, etc., whose services may impact the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems may be required to provide independent assurance to management or those charged with governance of the user entities and of the service organization, customers of the service organization, regulators, or business partners.  Our SOC 2 examination services, in accordance with the AICPA guidance, are designed to provide that independent assurance against defined criteria around the principles of Security, Availability, Processing Integrity, Confidentiality, or Privacy.
This abbreviated report is intended for a general audience and does not include the level of detail of the SOC 2 report, but does require the same level of audit rigor of the SOC 2.  Because it is written for a general audience, it is appropriate to make the SOC 3 audit report available on your website for potential clients to review.  Our SOC 3 examination services, in accordance with the AICPA guidance, are designed to provide an independent assurance regarding your compliance with the defined criteria of Security, Availability, Processing Integrity, Confidentiality, or Privacy.
Originally established for healthcare organizations but later expanded to be industry agnostic, the HITRUST Common Security Framework (CSF) serves as a comprehensive regulatory and risk management certification. Following the HITRUST CSF, AARC-360 takes a risk- and compliance-based approach when performing HITRUST Assessments in collaboration with the HITRUST Alliance and the assessed organizations.  As a HITRUST CSF Assessor firm and licensed CPA firm, AARC-360 understands data protection compliance and aims to help guide each organization through the process; whether you are in the gap analysis phase or seeking a full validated certification through a HITRUST validated assessment.  AARC-360 recognizes how the HITRUST CSF framework can be utilized to meet individual compliance needs as we work together with you to achieve success.
A PCI DSS Assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS). During the assessment, a PCI Qualified Security Assessor (QSA) determines whether the business has met the PCI DSS 12 requirements, either directly or through a compensating control. AARC-360 is a Qualified Security Assessor (QSA) Company that has been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS and is authorized to perform assessments and prepare appropriate compliance reports (such as Reports on Compliance (RoC)) required by payment card brands and acquiring banks.
An agreed-upon procedures engagement is one in which we are engaged by a client to issue a report of findings based on specific procedures performed on subject matter.   Because the specified parties require that findings be independently derived, our services are obtained to perform procedures and report on the related findings. We along with the specified parties agree upon the procedures to be performed that the specified parties believe are appropriate.