SOC Case Study - Health Management Solutions Provider SOC 2 + HITRUST

Primary Contact: Eric M. Wright CPA, CITP

Schneider Downs completed a Service Organization Control (SOC 2) report +HITRUST for health management solutions provider.

What was the need or problem that you had before you started using Schneider Downs’ services?

Our organization was seeking guidance in obtaining a SOC2+HITRUST report to provide to a large healthcare provider. It became a mandated requirement to continue doing business with this entity.

Why did you choose to partner with Schneider Downs?

Schneider Downs came highly recommended. They also have a very strong presence in the city of Pittsburgh where we are located, and their reputation for quality precedes them.

What was it like to work with Schneider Downs?

From the start, Schneider Downs was an extremely thorough, knowledgeable, and valuable partner. Obtaining a SOC 2+HITRUST report can be a daunting endeavor. It’s important that you feel comfortable and secure in honestly discussing your organizations needs and goals. Schneider Downs performed an initial risk assessment and provided guidance in planning a realistic timeline for obtaining our report. In this process you don’t want to feel you are just given a rulebook and meeting deadlines. You want a partner that understands your specific needs as your path to obtaining your report will be unique to your organization.

What is an example of how Schneider Downs went “the extra mile” to serve you?

There were many times when we had questions and needed clarification on audit evidence and controls. This pertained not only to ourselves individually but also in regards to business partners and associates. As we form new business partnerships and obtain new clients, we find ourselves reaching back out to Schneider Downs for their up-to-date knowledge and steadfast expertise. They will remain a valuable asset long after you obtain your SOC 2+ HITRUST report.

How has Schneider Downs and the SOC 2+ HITRUST Report benefited your company?

Our report was required to continue to do business with a very large healthcare provider. Therefore, obtaining the report fulfilled an immediate need. Not long after obtaining our report, we had the opportunity to partner with another large healthcare provider. One of the very first things they asked was, “Do you have a SOC2+HITRUST report”? Being able to provide our prospects with a SOC2+HITRUST report and demonstrating that our security controls are operating effectively has provided us opportunities that we may not have had otherwise.

In addition, going through the audit process forced us to take a hard look at our current control environment. We now have a much stronger control environment and can convey to current and future customers that their data will be appropriately protected.

Schneider Downs SOC Services

About Schneider Downs SOC Services

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.