Trust Services (SOC 2 and 3)

Weaver’s IT advisory professionals bring the experience and know how to assist organizations with trust services through SOC 2 and 3 engagements. 

SOC 2 and 3 engagements are based on the trust services principles and criteria developed and managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). These engagements provide assurances that an organization's systems are reliable and operate without material errors, faults or failures. SOC 2 and 3 engagements apply for organizations hosting critical systems depended upon by other organizations. Weaver assists clients in conforming with the applicable trusts services principles and criteria and can perform the examination necessary to obtain the appropriate report to fit your organization's needs. SOC 3 reports provide summarized information and are meant for public consumption, whereas SOC 2 reports are more detailed and are meant for your existing customers only. 

The trust services principles and criteria of security, availability, processing integrity and confidentiality are organized in four broad areas (Chart view):  

• Policies. The entity has defined and documented its policies relevant to the particular principle.
• Communications. The entity has communicated its defined policies to responsible parties and authorized users of the system.
• Procedures. The entity placed in operation procedures to achieve its objectives in accordance with its defined policies.
• Monitoring. The entity monitors the system and takes action to maintain compliance with its defined policies.

Weaver’s SOC 2 and 3 services address the following questions on four essential principles: