Assurance Services

Compliance and security are complex fields, with standards and jargon that aren’t necessarily transparent to your customers as the clear differentiators they are. How can you make sure that your customer understands that your processes have been assessed for risk, effectiveness, trust, and service?

Through Assurance Services.

Engaging Drummond Assurance Services, in conjunction with any of Drummond Group’s compliance or security services, lets your customer know that everything is as it should be, and to the highest standards. Our comprehensive service eliminates duplication of effort, leverages client familiarity, eases procurement, and lowers your cost. These same services reduce administrative burden on both sides, and quality is ensured.

Let Drummond Assurance Services improve the quality and context of information available to your customers about your compliance and security environments.

SOC Services

What do we offer?


(SOC1, SOC2, SOC3, SOC for Cybersecurity, SOC for Supply Chains)

As the overall cybersecurity and privacy risk environment and compliance requirements increase, Drummond Assurance Services helps your organization de-risk and get compliant with comprehensive SOC engagements to 2017 AICPA SOC standards.

Our SOC attestations provide your customers and stakeholders assurance that you are designing and effectively operating your internal controls and/or cybersecurity risk management programs to achieve the AICPA trust service principles and criteria.

We can audit and report on your organization’s compliance with SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, and the soon-to-be-released SOC for Supply Chains.

SOC 2 reports can also address additional subject matter such as as your organization’s compliance with HITRUST, HIPAA, NIST, PCI-DSS, or the Cloud Computing Matrix standards.

What kind of SOC report do you need?

You’ll need to consider the nature of your organization, your objectives, your system(s), the service(s) you provide, and any relationship you have with subservice organizations.

  • If your priority is your customer’s internal controls over financial reporting, you should choose to have a SOC 1 exam performed.
  • If assurance to your customers regarding your principal service level commitments and system requirements is something you need, you should choose to have a SOC 2 exam performed.
  • If assurance over your cybersecurity risk management program and how it meets your objectives is what you require, then SOC for Cybersecurity is a fit. SOC for Cybersecurity is a public use report and is appropriate for all types of all types of organizations.

Need more help deciding?

We’re happy to help walk you through the decision-making process.


In effect since May 25, 2018, GDPR changes everything about the way business handles personal data. The monumental challenges this presents to business — and the monumental penalties for getting your compliance wrong — mean that there’s no place better across your business to implement Assurance Services than in your GDPR assessment and compliance practice. With GDPR’s sweeping reach, it’s an ideal place to test your controls, and to receive the reassurance you need that you’ve made the right compliance decisions all along the line. We can help you to leverage your prior compliance activities, and power-assist you on the way to achieving and maintaining GDPR compliance.

Not just Assurance, but efficiency

We leverage our team’s comprehensive skillset into an “audit once, certify many” audit process methodology that maximizes your time and cost efficiency.

We use audit technology that adapts and integrates to your governance, risk management, and compliance systems to automate and simplify information transfer about your controls, policies, risk assessments, system descriptions, asset inventories, incidents, security operations, system log files, and other engagement data requirements wherever possible.

The Drummond Group’s team will provide you with any consulting or advice that you need prior to, during, and after your engagement, through a complete suite of advisory services. Drummond Group partners with you every step of the way to make sure that your journey to compliance is as straightforward and painless as possible, and Drummond Assurance is there to verify and reinforce the information you receive from that process.

Interested in Drummond Assurance Services?

Richard Braman is the managing partner of Drummond Assurance Services. Richard has been a Certified Public Accountant specializing in IT fields for 20 years. This experience has made him familiar with the people, processes, data, infrastructure, and software that make up technology-related compliance services. In order to broaden his understanding of the Healthcare Compliance field, Richard spent three years focusing on niche testing of compliance in the HITECH space. Because of this, he is in touch with Drummond Group’s culture, customers, and processes.

Mr. Braman possesses a certificate of advanced SOC knowledge from AICPA.

All AICPA SOC and attestation services are performed by Drummond Assurance Services (“DAS”) under AICPA guidelines. Drummond Assurance Services is the trade name of Richard L. Braman, Jr. CPA, PLLC, a Florida licensed CPA Firm. Drummond Assurance Services is not owned or controlled by Drummond Group. Drummond Assurance Services works exclusively with Drummond Group on attestation engagements for mutual customers of both firms. In North Carolina, the firm does not use the trade name Drummond Assurance Services, and all reports for North Carolina domiciled customers will be issued by Richard L. Braman, Jr. CPA, PLLC.