SSAE 16 / SOC 1, 2 & 3

If your organization provides outsourced services to other businesses, you must demonstrate to your customers and prospects that you maintain internal control over the data or systems you manage on their behalf. Annual Weaver Service Organization Controls (SOC) assessments of your organization’s controls will give your customers confidence that their information is sound and secure with you. Weaver can help your company by preparing three types of SOC reports:

SOC 1 reports are based on attestation standard SSAE 16 and provide detailed information on the aspects of your services that are relevant to customers’ internal controls over financial reporting. This information can be crucial for your customers who have to comply with laws and regulations such as the Sarbanes-Oxley Act of 2002.

SOC 2 reports provide information on your controls over security, availability, processing integrity, confidentiality and privacy. These reports give your customers confidence that you are meeting standards associated with contract compliance or service level agreements, information security and non-financial regulations such as HIPAA.

SOC 3 reports cover the same scope as SOC 2 reports but don’t include detailed testing results. SOC 3 reports are intended for general public consumption and may be posted on your company’s website. Common uses for SOC 3 reports include marketing and vendor due diligence.