Bridge Letters for SOC Audits

A bridge letter, also referred to as a gap letter, can be used to bridge the “gap” between the service organization’s SOC report date and the user entity’s year-end (i.e., calendar or fiscal year-end). Bridge letters are used for both SOC 1 and SOC 2 reports. SOC reports typically cover a period […]

What to Expect in Your First SOC Audit

A company’s first SOC audit generally follows a standard lifecycle (and this applies to both SOC 1 and SOC 2): First, your auditor performs a readiness assessment (also called a gap assessment) to help you prepare for your first SOC audit and identify control weaknesses that need to be addressed in […]

A Better Way to Monitor AWS and Azure

If your organization is subject to a SOC 1 or SOC 2 audit, then you are likely familiar with the vendor management requirements under both reporting frameworks. The American Institute of Certified Public Accountants’ (AICPA) reporting standards for SOC 1 (Section AT-C 320 of SSAE #18) state that: “Management’s description […]