Our Commitment to Compliance and Trust

At Roark Tech Services, security and compliance are not boxes to check; they are the foundation of every decision we make. From how we architect client systems to how we monitor our own, we operate with a single principle in mind: trust is earned through discipline and transparency.

Our firm maintains SOC 2 Type 2 compliance and aligns our practices with the NIST Cybersecurity Framework and the HIPAA Security Rule. These standards confirm that our controls are not only well-designed but have been independently validated for effectiveness over time.


Compliance at Roark Tech Services is a reflection of our integrity, maturity, and respect for the people and partners we serve. 

Our Compliance Frameworks

SOC 2 Type 2

Our systems, policies, and processes have been audited against the AICPA's Trust Services Criteria for Security, Availability, and Confidentiality. The Type 2 report attests that our controls are consistently applied and effective over the audit period.

NIST Alignment

Roark aligns with NIST SP 800-53 and the NIST Cybersecurity Framework, ensuring our governance, risk, and security programs meet or exceed best-practice federal standards.

HIPAA Safeguards

For our clients handling protected health information, our policies and procedures reflect the HIPAA Security Rule's administrative, technical, and physical safeguards, ensuring the confidentiality, integrity, and availability of sensitive data.

Designated Data Privacy Officer

Roark Tech Services maintains a formally designated Data Privacy Officer (DPO) responsible for overseeing data protection strategy, privacy compliance, and regulatory alignment. 

Our DPO ensures that Roark's policies and operations adhere to privacy regulations, client agreements, and industry standards including SOC 2, HIPAA, and NIST SP 800-53. This role coordinates incident response for privacy-related matters, manages data access reviews, and ensures all client and employee information is handled with the highest degree of confidentiality and care.

Contact: DPO@roarkinc.com

RESPONSIBILITIES INCLUDE:

  • Maintaining and enforcing Roark's Data Privacy and Confidentiality Policy

  • Overseeing access control, encryption, and data retention practices

  • Reviewing and approving data-sharing agreements and vendor privacy commitments

  • Responding to data subject inquiries and breach notifications

  • Ensuring continued compliance with SOC 2, HIPAA, and NIST-aligned privacy requirements

Controls That Uphold Our Compliance

ACCESS & IDENTITY MANAGEMENT

  • Role-based access control with least-privilege enforcement

  • Multifactor authentication across all systems

  • Centralized identity management through Microsoft Entra ID (formerly Azure AD)

  • Quarterly access reviews for administrative and privileged accounts

SYSTEM MONITORING & DETECTION

  • 24 × 7 Security Operations Center (SOC)

  • Continuous endpoint monitoring and behavioral threat detection

  • Next-generation SIEM integration for log correlation and incident response

  • Automated alert triage

EMAIL SECURITY & DATA LOSS PREVENTION

  • Enterprise-grade email protection powered by Proofpoint

  • Advanced threat detection, sandboxing, and URL rewriting to prevent phishing and spoofing

  • Email encryption and secure message delivery for sensitive communications

  • Data loss prevention (DLP) policies aligned with HIPAA and NIST SP 800-171

  • SPF, DKIM, and DMARC enforcement across all Roark domains

DATA PROTECTION & BACKUP

  • Encrypted backups (at rest and in transit) using NinjaOne SaaS Backup and Microsoft 365

  • Routine backup validation and restoration testing

  • Data retention policies aligned with SOC 2 and NIST SP 800-171

NETWORK & ENDPOINT SECURITY

  • Firewall management with monthly rule-set review

  • DNS filtering and content control for all managed devices

  • Endpoint hardening and USB device control

  • Vulnerability scanning and patch automation

GOVERNANCE & RISK MANAGEMENT

  • Documented Written Information Security Program (WISP)

  • Risk assessments conducted semi-annually

  • Vendor due-diligence and third-party risk reviews

  • Auditable policy distribution, tracking, and compliance attestation

INCIDENT RESPONSE & BUSINESS CONTINUITY

  • Formal Incident Response Plan tested annually

  • 24 × 7 escalation and communication procedures

  • Business continuity and disaster recovery testing

  • Post-incident reviews with root-cause documentation

TRAINING & AWARENESS

  • Mandatory, ongoing cybersecurity awareness training for all staff

  • Monthly phishing simulations and compliance quizzes

  • Signed acknowledgement of all security and confidentiality policies

A Culture of Continuous Assurance

Roark's compliance program is not a one-time achievement; it is a living system of controls, monitoring, and improvement. Our leadership team reviews every policy, test, and audit finding to ensure that the firm remains ahead of regulatory expectations and client standards.

Whether measured against SOC 2, NIST, or HIPAA, Roark's message remains constant: we protect your business as if it were our own.