Wagepoint typically requires a direct request to their support or security team to obtain their SOC reports.
1. The Request Process
Wagepoint maintains SOC 1 Type II and SOC 2 Type II reports, but they are not hosted for public download due to the sensitive nature of the security controls described in them.
Step 1: Log in to your Wagepoint account.
Step 2: Click the "?" (Help) button or navigate to the Support/Contact Us section.
Step 3: Submit a ticket with a subject line like: "Request for SOC 1 and SOC 2 Type II Reports for Audit."
Step 4: Their team will typically send you a digital Non-Disclosure Agreement (NDA). Once you (or your company’s authorized signer) sign this, they will email you the PDF reports.
2. What if your auditor is asking for a "Bridge Letter"?
If your audit covers a period that falls after the date of Wagepoint's last SOC report (e.g., the report ended in December but your audit is in May), ask for a "Gap Letter" or "Bridge Letter."
Wagepoint's compliance team can provide this short document to confirm that no major changes to their control environment have occurred during that gap.
3. Key Details for Your Auditor
If your auditor is performing a "Risk Assessment" and just needs to know Wagepoint's status before receiving the full report, you can confirm the following:
Standard: They undergo annual independent audits for both SOC 1 (Financial Reporting) and SOC 2 (Security, Availability, and Confidentiality).
Entity: They are a regulated Money Services Business (MSB) and are FINTRAC compliant in Canada.
Security: They utilize 256-bit SSL encryption and Two-Factor Authentication (2FA) for all accounts.
Pro Tip: If you work with an external accounting firm that is a Wagepoint Partner, they may already have a copy of the latest SOC report on file for their practice. It's worth asking your accountant if they can pull it for you first to save a few days of back-and-forth with support.