Service Organization Control (SOC) 3 Report

Cardinal Health is committed to protecting the security and integrity of our customers’ information as if it were our own. To that end, we engage regular outside, independent SOC 3 examinations of our system and processing to ensure we have appropriate internal controls in place for the security and processing integrity of our Cardinal Health Pharmaceutical E-Commerce Ordering System.

The SOC 3 examination is a rigorous audit process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). It provides independent assurance that Cardinal Health complies with Trust Services Principles and Criteria that are among the highest in the world for electronic commerce.

Ernst & Young evaluated the IT and business operational practices and controls around the Cardinal Health Pharmaceutical E-Commerce Ordering System and awarded Cardinal Health with an unqualified opinion that the system and processing met the following SOC 3 conditions:

  • Security – the system was protected against unauthorized access, use, or modification.
  • Processing Integrity – the system processing was complete, valid, accurate, timely, and authorized.

Each of these principles is supported by well-defined and detailed criteria that encompass our infrastructure, software, data, people, and procedures. Cardinal Health intends to renew this certification annually.