It's everybody's favorite time of year—SOC report season!
All kidding aside, we know our annual compliance reports are important to you, and we work hard to get them to you in a timely manner. We tend to get a few questions on our compliance process, so we wanted to share with you some information on our control periods and anticipated release dates.
Workiva completes Service Organization Controls (SOC) 1 and 2 Type II reports annually. The SOC reports are performed by an independent third party and establishes that Workiva employs uniform and reliable operational controls and safeguards as a host and processor of data belonging to their customers. Workiva does not disclose the results of internal audits.
Workiva SOC 1 Type II report is unqualified with a control period that covers November through October. This will be issued by the end of December
Workiva SOC 2 Type II report and includes HIPAA is unqualified; with a control period that covers November through October
NEW in 2022 - Workiva will also be issuing an additional SOC 1 with a reporting date of November 1 through March 31. This will be issued in the middle of May
It usually takes 6 weeks from the end of the report period to receive the final SOC Reports. Once available, we will post them to the Security and Compliance Document Request Portal. Additionally, a Bridge Letter through 12/31 will be available by January 3, 2022.
TL;DR - our usual SOC reports will be made available for customers on the Compliance portal by the end of December, and a new SOC report will be made available by the end of May 2022.
Workiva partners with Google® and Amazon®, both of which are SOC 2, ISO 27001, 27017, and 27018 compliant.
If you have any questions, just let us know. Thanks, and have great day!
Amazon Web Services is a trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Google Cloud is a registered trademark of Google Inc.