Compliance & Specialized Services
Regulatory compliance requirements do not pause when a company adds a financial intelligence platform. RPP's compliance engagements review how your data is handled within your RPP engagement against applicable regulatory standards — delivered as structured documentation your legal team, auditors, and regulators can examine. Each engagement is scoped specifically to RPP's services and data handling practices on your behalf.
For organizations with European operations, European customers, or data subjects located in the European Union (EU), General Data Protection Regulation (GDPR) compliance requirements extend to every system that processes personal data — including financial reporting and analytics platforms. RPP's GDPR Alignment engagement reviews the data flowing through all active RPP engagements against GDPR's core requirements: lawful basis for processing, data minimization, retention limits, data subject rights, and cross-border transfer mechanisms. Coverage applies to all active RPP engagements for the client for 12 months from the engagement date. Delivered as a written alignment assessment and a Data Processing Addendum (DPA) suitable for inclusion in your broader GDPR compliance documentation.
For companies approaching public markets, operating under private equity (PE) ownership with institutional reporting obligations, or preparing for a transaction where internal controls will be scrutinized, RPP's Sarbanes-Oxley Act (SOX) Readiness Assessment evaluates the financial reporting controls, data integrity practices, and access governance within your RPP engagement against Sections 302 and 404 requirements. Delivered as a structured readiness report identifying control gaps, recommended remediation steps, and documentation supporting your external auditors' evaluation of information technology (IT) general controls as they relate to financial reporting. Annual renewal available at $3,500 to reflect changes in your control environment, updated Public Company Accounting Oversight Board (PCAOB) guidance, or new requirements from your auditors.
RPP's Health Insurance Portability and Accountability Act (HIPAA) Compliance engagement assesses how your organization handles protected health information (PHI) within the context of your RPP engagement — covering data transmission, storage, access controls, and Business Associate Agreement (BAA) requirements. Delivered as a structured compliance documentation package including a signed BAA, Security Risk Assessment summary scoped to RPP's services, and a written compliance findings report. This engagement applies specifically to RPP's data handling practices on your behalf and does not constitute, replace, or augment your organization's own HIPAA compliance program or legal obligations as a covered entity. Annual renewal available at $5,000 to maintain current documentation and incorporate any updates to HIPAA guidance or changes in your data handling practices.
- HIPAA-compliant data transfer and storage configuration
- Enhanced data governance documentation
- Compliance-focused data handling environment
- Security protocol documentation
- Ongoing compliance support framework
All compliance engagements are scoped specifically to RPP's services and data handling practices on your behalf. They do not replace your organization's broader compliance program, internal legal obligations, or required audits by certified third parties. Document deliverables are formatted for legal review, regulatory examination, and audit support. The Automated Audit Trail is a live Power BI report and automated monthly delivery — not a document-only engagement.
RPP's Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and General Data Protection Regulation (GDPR) engagements apply exclusively to the data RPP handles and the services RPP delivers on your behalf. These engagements do not constitute legal advice, do not certify your organization's compliance with any regulatory standard, and do not substitute for your organization's own compliance program, independent legal counsel, or required third-party audits. Annual renewal engagements reflect changes in guidance and your data handling practices — they do not restart the original compliance clock.