Bridge Letters for SOC Audits

Long bridge over a river

A bridge letter, also referred to as a gap letter, can be used to bridge the “gap” between the service organization’s SOC report date and the user entity’s year-end (i.e., calendar or fiscal year-end).  Bridge letters are used for both SOC 1 and SOC 2 reports. SOC reports typically cover a period […]

A Better Way to Monitor AWS and Azure

A Better Way to Monitor AWS and Azure

  If your organization is subject to a SOC 1 or SOC 2 audit, then you are likely familiar with the vendor management requirements under both reporting frameworks. The American Institute of Certified Public Accountants’ (AICPA) reporting standards for SOC 1 (Section AT-C 320 of SSAE #18) states that: “Management’s description […]