Independent Service Auditor’s Report on a Description of a Service Organization’s System and the Suitability of the Design and Operating Effectiveness of Controls
Relevant to Security and Confidentiality
To: Apperson, Inc.,
Scope
We have examined Apperson, Inc.’s (APPERSON) accompanying description of its print and marketing solutions and systems found in Section 3 titled “Description of the Service Organization’s System Provided by Apperson Management” (description) throughout the period November 1, 2019 to April 30, 2020 based on the criteria for a description of a service organization’s system set forth in DC 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report, (description criteria) and the suitability of the design and operating effectiveness of controls stated in the description throughout the period November 1, 2019 to April 30, 2020, to provide reasonable assurance that APPERSON’s service commitments and system requirements were achieved based on the trust services criteria relevant to security and confidentiality (applicable trust services criteria) set forth in TSP 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
The description indicates that certain complementary user entity controls that are suitably designed and operating effectively are necessary, along with controls at APPERSON, to achieve APPERSON’s service commitments and system requirements based on the applicable trust services criteria. The description presents APPERSON’s controls, the applicable trust services criteria, and the complementary user entity controls assumed in the design of APPERSON’s controls. Our examination did not include such complementary user entity controls, and we have not evaluated the suitability of the design or operating effectiveness of such controls.
Opinion
In our opinion, in all material respects —
- the description presents APPERSON’s print and marketing solutions and systems that was designed and implemented throughout the period November 1, 2019 to April 30, 2020 in accordance with the description criteria.
- the controls stated in the description were suitably designed throughout the period November 1, 2019 to April 30, 2020 to provide reasonable assurance that APPERSON’s service commitments and system requirements would be achieved based on the applicable trust services criteria, if its controls operated effectively throughout that period, and if the subservice organization and user entities applied the complementary controls assumed in the design of APPERSON’s controls throughout that period.
- the controls stated in the description operated effectively throughout the period November 1, 2019 to April 30, 2020 to provide reasonable assurance that APPERSON’s service commitments and system requirements were achieved based on the applicable trust services criteria, if complementary subservice organization controls and complementary user entity controls assumed in the design of APPERSON’s controls operated effectively throughout that period.
The Moore Group CPA, LLC
Nashua, NH
- October 20, 2020