
SOC Audits & Third-Party Risk Management (TPRM)
TPRM-Certified Professionals Serving Financial Institutions, Healthcare, Maritime & Energy
SOC Audits — 15+ Years of Experience
R&C Global's Risk Advisory team has been delivering System & Organization Controls (SOC) engagements for over 15 years. Our TPRM-certified professionals assess, document, and report on internal controls at service organizations — providing the assurance your clients, regulators, and business partners require.
Third-Party Risk Management (TPRM)
Organizations across every sector face growing pressure to document and manage the risks their vendors, subrecipients, and third-party service providers introduce. Regulatory bodies, grant funders, accreditation organizations, and enterprise clients increasingly require formal TPRM programs. Our certified TPRM professionals help you build them.
Non-Profit TPRM
Federal grant rules under 2 CFR 200 require non-profits to monitor subrecipients and document vendor risk. We help organizations design compliant subrecipient monitoring programs, perform monitoring procedures, and prepare required documentation.
Healthcare TPRM
HIPAA requires covered entities to manage Business Associate risk. Our TPRM team assesses vendor controls, reviews BAAs, performs agreed-upon procedures on specific vendor environments, and prepares documentation satisfying OCR and accreditation expectations.
Maritime & Energy TPRM
Supply chain risk is acute in maritime and energy. We assess vendor and contractor controls, review compliance with regulatory requirements (USCG, BSEE, IMO frameworks), and provide independent documentation of your vendor risk management program.
Financial Institution TPRM
Community banks and credit unions face OCC and NCUA vendor management expectations. We assess third-party service providers — including core banking vendors, payment processors, and technology providers — providing independent assurance on controls.
SOC Report Types
SOC 1® (SSAE 18) — Controls over financial reporting
SOC 2® — Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy)
SOC 3® — Public-facing assurance summary
SOC for Cybersecurity — Organization-wide cybersecurity risk management attestation
Readiness Assessments
First-time SOC clients benefit from our pre-audit Readiness Assessment — we help you describe your control environment, identify appropriate controls, test them, and remediate gaps before the audit period begins.
Why R&C for TPRM
✦ TPRM Certified Staff — Credentialed in vendor and third-party risk management
✦ Non-Profit Specialists — Subrecipient monitoring, 2 CFR 200 TPRM requirements
✦ Healthcare Specialists — HIPAA BAA risk, OCR expectations, and accreditation support
✦ Maritime & Energy — Supply chain risk, regulatory frameworks, contractor controls
✦ 15+ Years SOC Experience — Every control environment, every size organization

Schedule Your Free TPRM or SOC Consultation
📞 (972) 360-6822 ✉ info@randcglobal.us 📍 11011 Richmond Ave STE 722, Houston TX 77042
