Info about Workiva's SOC report periods and release dates
UPDATED 06/12/2026
It's everybody's favorite time of year—SOC report season!
All kidding aside, we know our annual compliance reports are important to you, and we work hard to get them to you in a timely manner. We tend to get a few questions on our compliance process, so we wanted to share with you some information on our control periods and anticipated release dates.
Workiva completes Service Organization Controls (SOC) 1 and 2 Type II reports annually. The SOC reports are performed by an independent third party and establish that Workiva employs uniform and reliable operational controls and safeguards as a host and processor of data belonging to Workiva's customers. Workiva does not disclose the results of internal audits.
SOC reports
- The Workiva SOC 1 Type II report covers a 12-month control period from October 3 through October 2, with customer availability targeted for late November.
- The Workiva SOC 2 Type II report, which includes HIPAA, covers a 12-month control period from October 3 through October 2, with customer availability targeted for late November.
- Workiva will also issue an additional SOC 1 Type II report covering a 12-month period from January 1 through December 31, with customer availability targeted for late March.
- Workiva will also issue an additional SOC 1 Type II report covering a 12-month period from April 1 through March 31, with customer availability targeted for late May.
It usually takes 8-10 weeks from the end of the report period to receive the final SOC Reports. Once available, we will post them to the Security and Compliance Document Request Portal. Additionally, we are targeting the first week of the new quarter to post the latest Continuous Operations Letter to the Compliance portal.
TL;DR - Workiva aims to provide our SOC reports on the Compliance portal by the end of November, March, and May each year.
Additional info
Workiva is also ISO/IEC 27001:2022 certified and is FedRAMP authorized (see here). Here is our published privacy policy with a Truste Certification: https://www.workiva.com/ legal/privacy-policy.
Workiva partners with Amazon® and Snowflake®, both of which are SOC 2, ISO 27001, 27017, and 27018 compliant.
- Amazon https://aws.amazon.com/compliance/
- Snowflake https://docs.snowflake.com/en/user-guide/intro-compliance
If you have any questions, just let us know. Thanks, and have great day!
Amazon Web Services is a trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Snowflake is a registered trademark of Snowflake Inc. in the United States and/or other countries.
-
Official comment
Great news! The SOC 1 Type II and SOC 2 Type II reports are now available on the compliance portal. The bridge letter is expected to made available on December 31, 2021. We'll update you as well then the new SOC report is available in May. Thanks again and happy holidays!
Is there a reason the SOC 1 and SOC 2 reports are only through October 15 this year and not October 31? (Less than a full year)
0
Hi Alyssa!
Happy to help answer this question for you. We ended our period on October 15 to ensure the report was available before 12/31 for our customers. Moving it back enabled us to receive it much earlier in the period. You can also find our Bridge Letter on the portal which covers the days from Oct 15 to Oct 31, up until 12/31.
Hopefully that adds some clarity for you. Let us know what additional questions you have and if you need anything further. Cheers!
0
Hi! It isn't explicitly mentioned in the SOC 1 report but our Internal Audit team wanted to confirm whether Wdata is covered under the current SOC 1 report. I assume it's part of "Workiva Inc.'s Cloud-Based Collaboration Solutions and Support Operations system provided to user entities view the Workiva Platform"?
0
Hi Jho!
Thanks for the question. I can confirm, Workiva's SOC 1 covers Wdata as part of the Workiva Platform. Let me know if you need anything else.
Cheers!
Mike
0
Hi - Please can you confirm when the SOC 1 Type II report covering Nov23 thru Oct24 will be available? Thanks!
1
Hi - This website says that a SOC 1 Type 2 Bridge Letter through the end of the quarter will be available within the first week of the new quarter). However, a bridge letter covering thru Dec 11, 2024 has already been posted. Will there be another Bridge letter posted that covers thru Dec 31st?
0
Hi Kimberly,
Thanks for your question.
The December 11 bridge letter you see is in relation to the issuance of new SOC 1 and SOC 2 reports. That will not effect our standard quarter's-end bridge letter process. Our bridge letter spanning thru December 31 will be available on the Compliance Portal by end of business on our first operational day after calendar-year end, which is January 6, 2025. However, customers may also request your CSM to generate the letter sooner, beginning on January 1, 2025.Hope that helps. Let me know if you have any follow-ups or need anything else. Cheers!0
Does the SOC reports cover all regions as we have 2 instances, one based in the US and another based in Europe. Thanks
0
Hi Lynda! I saw you cross posted this question here and looks like Isabel has you covered. To answer here, the SOC reports provided by Workiva are designed to cover the controls and safeguards of the Workiva platform as a whole, rather than being region-specific. This means that the SOC reports are applicable across all regions, including the US and EU. However, it is important to note that the SOC 1 report focuses on financial reporting controls, while the SOC 2 report addresses security, availability, processing integrity, confidentiality, and privacy.
0
Hi Mike - my company's fiscal year year-end is August 31, 2026. We would need the bridge letter to cover the period from April to August 2026. I am wondering if there will be a bridge letter to cover this period? If so, when it will be released and where we can find it? Thanks!
0
Hi Kelly!
Sorry for my delay here. Happy to help with this questioon.
Workiva's SOC 1 Type II and SOC 2 Type II audit period runs from November 1 through October 31, with the report released toward the end of December.The bridge letter is a supplemental document that covers the gap between the end of the SOC report period (October 31) and the time a customer needs coverage. It is available in the Workiva Compliance Document Portal and is updated at quarter-end dates of 12/31, 3/31, 6/30, and 9/30.
Given your fiscal year-end is August 31, 2026, and you need bridge letter coverage from April 2026 to August 2026. Here's how it maps out:- The most recent SOC annual report would cover Nov 1, 2025 – Oct 31, 2025 (released ~end of December 2025).
- The bridge letter would extend coverage beyond October 31. The portal is updated at quarter-end dates, so you could expect:
- March 31, 2026 bridge letter — available by ~3/31/2026
- June 30, 2026 bridge letter — available by ~6/30/2026 In this case a bridge letter dated June 30, 2026 would cover the period through 6/30/2026 and should be sufficient to cover April–June of your needed period. For the remaining period through August 31, 2026, a September 30, 2026 bridge letter would be needed, but that would not be available until 9/30/2026 — after your fiscal year-end.Bridge letters are available Workiva Compliance Document Portal. Note: A valid Workiva user account (login) is required to access the portal. Documents are confidential and should not be exported and emailed.For the exact release dates of upcoming bridge letters, reach out directly to security@workiva.com.1Please sign in to leave a comment.
Comments
12 comments