SOC Examination Services

A System and Organization Control (SOC) audit provides transparency about your internal control environment and assurance to other organizations that your controls are in place and are operating effectively. Weaver’s SOC accounting team makes sure your SOC audit and SOC reporting improve your day-to-day operations and your competitive edge.

Let's get started

Featured

Trending
Insights & Resources

Webinar

Public Sector Education Webinar: How Government Agencies Can Prepare for Cyber Incidents Before They Happen

Our on-demand session discusses how your government agency can best prepare for cyber incidents. We'll look at ways to harness strategic initiatives currently in play and neutralize the published incidents of impacted organizations.

Podcast

Podcast: Megatrend: Preparing Your Future Workforce

Join Todd Hoffman, Brett Nabors and Morgan Page as they look at strategies for preparing the future workforce in government on Weaver: Government Impact.

Podcast

Podcast: Megatrend: Improving the Constituent Experience

Discover strategies for improving constituent experiences in government services with Todd Hoffman, Brett Nabors and Morgan Page on Weaver: Government Impact.

Executive Resource

Executive Resource Center

Unlock

Does Your Non-Medical Business Need to Comply with HIPAA Requirements?

Weaver's series sheds light on the intricacies of HIPAA compliance for non-medical entities and offers crucial insights that could impact your company’s operations.

Podcast

Podcast: Megatrend: Operating Budget Pressures

Explore effective strategies for managing operating budget pressures in government with Todd Hoffman, Brett Nabors and Morgan Page on Weaver: Government Impact.

Article

Health Care’s Most Recent Cyber Incident Reveals Industry-Wide Vulnerabilities

Change Healthcare was impacted by a cybersecurity incident that breached its information technology network.

Explore all insights

SOC reporting that goes beyond checking the boxes.

Weaver’s tailored, hands-on approach offers guidance that goes beyond checking the boxes. We consider your business as a whole, and how SOC reporting can serve as a valuable tool for achieving your long-term strategic objectives. Companies leverage SOC audits and reports for many different reasons. The benefits vary depending on the subject matter (SOC 1, SOC 2 or SOC 3), the timeframe, and your organization’s industry or services.

Our SOC audits and reports provide:

Trust and transparency

Companies are more likely to trust and invest in your services when they see that your controls have been reviewed and tested by a reputable independent third party. An SOC report enables you to project confidence in your internal control environment.

Compliance with regulatory requirements

Some industry regulations require demonstration of internal controls that also apply to outsourced services. An SOC audit can demonstrate compliance with specific security and data-protection standards.

A competitive advantage

Many companies and organizations prefer to work with service organizations and vendors who have an SOC report available, which differentiates you from your competitors.

One report for many

When provided by a reputable CPA firm, one SOC report (based on subject matter) can be relied upon by many customers. This reduces your audit costs and your internal compliance burden, and maximizes your ability to offer transparency to your customers.

SOC reporting options.

All SOC examinations must be performed in accordance with Statement on Standards for Attestation Engagements (SSAE), which includes multiple unique reporting channels, each tailored to provide insight on the internal control environment at the entity, service provider and supply chain levels.

SOC 1

Report on internal controls over services relevant to customers of the outsourced services and their financial advisors. Weaver offers Type 1 reports for a specific point in time and Type 2 reports for a specific period of time (typically 6 to 12 months).

SOC 2

Report on internal controls over technical subject matter relating to information security and operational risks for internal audits, due diligence, ongoing vendor management and regulatory compliance. Weaver offers Type 1 reports for a specific point in time and Type 2 reports for a specific period of time (typically 6 to 12 months).

SOC 2 AICPA Trust Services Criteria

Meeting SOC 2 Trust Services Criteria.

Weaver’s team will work with you meet the AICPA Trust Services Criteria (TSC) for SOC 2 reporting. The TSC are used to evaluate and report on internal controls over information and systems across an entire entity, at the operating unit level, within a particular function, or for particular types of information.

The TSC are classified into five main categories:

Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems.
Availability: Information and systems are available for operation and use to meet the entity’s objectives.
Processing integrity: System processing is complete, valid, accurate, timely and authorized to meet the entity’s objectives.
Confidentiality: Information designated as confidential is protected to meet the entity’s objectives.
Privacy: Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.