Weltman, Weinberg & Reis Co., LPA (Weltman), a full-service creditors' rights law firm now in its 87th year of client service, announced today that it has completed its SOC 1 Type II, SOC 2 Type II, and ISO 27001 audits. These audits verify that Weltman, Weinberg & Reis Co., LPA has the proper internal controls, processes, and information security control structure in place to deliver high quality services to its clients.
KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of Weltman's controls. In accordance with SSAE 16 (Statements on Standards for Attestation Engagements), the SOC 1 Type II audit report includes Weltman's description of controls, as well as the detailed testing of its controls over a minimum six-month period. These controls are important, as they may affect clients' financial statements.
"Many of Weltman, Weinberg & Reis' clients rely on them to protect consumer information," said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. "As a result, they have implemented 'best practice' controls required by their clients in order to address information security and compliance risks. Our third-party opinion validates these controls, and the tests we perform provide assurance regarding the managed solutions provided by Weltman, Weinberg & Reis."
The SOC 2 audit is based on the Trust Services Principles and Criteria. Weltman has selected the security, availability, processing integrity, confidentiality, and privacy principles for the basis of their audit. The completion of this engagement provides evidence that Weltman has a strong commitment to deliver high quality services to its clients, by demonstrating they have the necessary internal controls and processes in place.
"Weltman, Weinberg & Reis delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on the Firm's controls," said Kirkpatrick.
KirkpatrickPrice also performed an independent review of Weltman's information security control structure and determined the organization's compliance with ISO 27001. The review determined that Weltman has implemented adequate administrative, physical, and technical controls to address their security risks.
"ISO 27001 provides excellent guidance for developing an Information Security Management System," said Kirkpatrick. "Weltman, Weinberg & Reis' audit against the ISO 27002 guidelines on information security controls demonstrates that a widely respected and international standard has been utilized to select controls as part of their own information security management practices."
"Risk management and quality control are paramount at Weltman, and are the main drivers for every process within the firm," said Duane A. Borgman, Business Information Officer at Weltman, Weinberg & Reis Co., LPA. "The key elements of our operations, including compliance, technology, and data security, are thoroughly scrutinized and run through checkpoints, both internally and externally, on a consistent basis. Our goal is to always ensure we operate in a manner that protects the firm, our clients, and their consumers, from any undue risk."
SOC 1 Type II is a report, established by the American Institute of Certified Public Accountants (AICPA), on the controls at a service organization. This report complies with the SSAE 16 auditing standards, which focus on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. Federal regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley, and the Health Insurance Portability and Accountability Act (HIPAA) require corporations to audit the internal controls of their suppliers, including those that provide technology services.
SOC 2 engagements are based on the AICPA's Trust Services Principles. SOC 2 service auditor reports focus on a Service Organization's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Weltman, Weinberg & Reis’ controls to meet the criteria for these principles.
ISO 27001 is a standard that specifies an Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. ISO 27001 creates and implements the most effective and efficient Security Management System for the organization. An international standard, ISO 27001 applies controls from the following areas: Security Policy, Organization and Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Communication and Operations Management, Access Control, Information Systems Acquisition, Information Security Incident Management, Business Continuity Management, and Compliance.
KirkpatrickPrice is a licensed CPA firm providing assurance services to over 550 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SSAE 16, SOC 2, HIPAA, PCI DSS, ISO 27001, FISMA, and CFPB frameworks. www.kirkpatrickprice.com.