EAG Inc.

Contact Us

(832) 485-5800

EAG 1Source Receives SOC 1 & 2 – Type I Certifications

Houston, TX November 15, 2019  – EAG 1Source, a specialized consulting firm devoted exclusively to upstream and midstream business and technology services, today announced that they have successfully completed a System and Organization Controls (SOC) 1® and 2® Type I Audit examinations for their Managed IT and Accounting System. EAG 1Source retained international CPA and business advisory firm, Skoda Minotti, for its SOC 1® and SOC 2® audit work. Skoda Minotti was selected after an intensive search based on their reputation as a leading risk advisory and compliance firm.

Ben Osbrach, CISA, CISSP, CICP, CCSFP, QSA partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to work with EAG 1Source from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”

SOC 1® engagements are performed in accordance with the American Institute of Certified Public Accountants’ SSAE 18, Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on Controls at a Service Organization. The SOC 1® Type I examination is performed by an independent auditing firm and is intended to meet the needs of the management of user entities and the user entities’ auditors, as they evaluate the effect of the controls at the service organization on the user entities’ financial statement assertions. These reports are important components of user entities’ evaluation of their internal controls over financial reporting for purposes of complying with laws and regulations such as the Sarbanes-Oxley Act and the user entities’ auditors as they plan and perform audits of the user entities’ financial statements.

SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls. A service organization may select any or all of the trust service principles applicable to their business and EAG 1Source chose to report on security, availability and confidentiality. The successful completion of this voluntary engagement illustrates EAG 1Source’s ongoing commitment to create and maintain a secure operating environment for their clients’ confidential data.

Skoda Minotti’s testing of EAG 1Source’s control environment included examination of their policies and procedures regarding control environment, physical security, environmental security, computer operations, application change control, information security and data communications. Upon completion of the examination, EAG 1Source received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure controls were suitably designed and operating effectively to achieve the related control objectives throughout the examination period.

For the SOC 2® Skoda Minotti’s testing of EAG 1Source’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of their business. Upon completion of the audit, EAG 1Source received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria.

“The successful completion of our SOC 1® and SOC 2® Type I examination audit provides EAG 1Source’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line industry standards and best practices,” said Elizabeth Gerbel, CEO.

About – EAG 1Source

EAG 1Source is an affiliate of EAG Services founded in 2003 by Elizabeth A. Gerbel. EAG serves the oil and gas industry, both domestically and internationally. EAG is a specialized consulting firm devoted exclusively to upstream and midstream business and technology services. EAG is the trusted, client-tailored, and specialized consulting services firm for the energy industry. By keeping their focus on specific segments of the energy industry and remaining unbiased in their approach, EAG remains committed to its client’s success while providing a challenging and rewarding place to work for their employees.

About – Skoda Minotti

Skoda Minotti is a Certified Public Accounting Firm based in Cleveland, OH offering a variety of tax, finance, and business advisory services in virtually every area of business. The Risk Advisory practice specializes in SOC Reporting, PCI DSS Compliance, HIPAA Compliance and HITRUST validation, FISMA, NIST, ISO 27001, Vulnerability and Penetration Testing, and other regulatory information security assessments. Staffs in Skoda Minotti’s Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetration Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti’s Risk Advisory Services, please visit skodaminotti.com/risk.

»