Cardinal Health is committed to protecting the security and integrity of our customers’ information as if it were our own. To that end, we engage regular outside, independent SOC 3 examinations of our system and processing to ensure we have appropriate internal controls in place for the security and processing integrity of our Pharmaceutical Ordering system.

The SOC 3 examination is a rigorous audit process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). It provides independent assurance that Cardinal Health complies with Trust Services Principles and Criteria that are among the highest in the world for electronic commerce.

Cardinal Health engaged Ernst & Young to perform the SOC 3 audit for the period of January 1, 2011 through December 31, 2011. Ernst & Young evaluated the IT and business operational practices and controls around the Pharmaceutical Ordering system and awarded Cardinal Health with an unqualified opinion that the system and processing met the following SOC 3 conditions:

  • Processing Integrity – the system processing was complete, accurate, timely, and authorized. It performed its intended function in an unimpaired manner, free from unauthorized or inadvertent manipulation.
  • Security – the system was protected against unauthorized physical and logical access with effective policies, practices and controls.

Each of these principles is supported by well-defined and detailed criteria that encompass our infrastructure, software, data, people, and procedures. Cardinal Health intends to renew this certification annually.