SOC for Supply Chain

Due to rapid technological advancement, the production, manufacture, or distribution of products often involves a high level of interdependence and connectivity between an entity and (a) organizations that supply raw materials or components for the manufacturing process (suppliers) and (b) the entity’s customers and business partners. These relationships are often considered part […]

Bridge Letters for SOC Audits

Long bridge over a river

A bridge letter, also referred to as a gap letter, can be used to bridge the “gap” between the service organization’s SOC report date and the user entity’s year-end (i.e., calendar or fiscal year-end).  Bridge letters are used for both SOC 1 and SOC 2 reports. SOC reports typically cover a period […]

What to Expect in Your First SOC Audit

A company’s first SOC audit generally follows a standard lifecycle (and this applies to both SOC 1 and SOC 2): First your auditor performs a readiness assessment (also called a gap assessment) to help you prepare for your first SOC audit and identify control weaknesses that need to be addressed in […]