Each year, Kaye-Smith undergoes an examination by independent auditors of its controls relevant to the SOC 2 Security and Confidentiality Trust Principles to determine if the controls are properly designed, placed in operation, and effective. The result of the examination is the issuance of a SOC 2 Type II Report by the auditors to Kaye-Smith management.

The auditor’s independent examinations are performed in accordance with Statements on Standards for Attestation Engagements (SSAEs) as provided in the codified SSAEs, AT Section 100 Attest Engagements and in accordance with the AICPA (American Institute of Certified Public Accountants) Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality, and Privacy.

ISO 27001 Information Security Management

Kaye-Smith is ISO 27001-certified, meaning that the company has met the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security management system (ISMS). This certification satisfies the federal requirements of Gramm Leach Bliley, HIPAA, and state reporting requirements.

Business Continuity and Disaster Recovery

Kaye-Smith monitors and assesses the continual threat landscape facing businesses in the digital age through ongoing risk management. In addition to standard business continuity measures, such as a back-up generator and an uninterruptible power supply (UPS) at its processing centers, Kaye-Smith has implemented a disaster recovery solution to ensure that its operations continue if there’s a loss of availability to its main facility. The company utilizes a redundant business site in Portland that is outfitted to accommodate the same systems and processes for completing jobs as in Renton.

Associations

Certifications