UPDATED 11/02/2023

It's everybody's favorite time of year—SOC report season!

All kidding aside, we know our annual compliance reports are important to you, and we work hard to get them to you in a timely manner. We tend to get a few questions on our compliance process, so we wanted to share with you some information on our control periods and anticipated release dates.

Workiva completes Service Organization Controls (SOC) 1 and 2 Type II reports annually. The SOC reports are performed by an independent third party and establishes that Workiva employs uniform and reliable operational controls and safeguards as a host and processor of data belonging to their customers. Workiva does not disclose the results of internal audits.

SOC reports

• Workiva SOC 1 Type II report has a control period that covers October 16 through October 15. This will be issued no later than the end of December.
• Workiva SOC 2 Type II report, which includes HIPAA, has a control period that covers October 16 through October 15. This will be issued no later than the end of December.
• Workiva will also be issuing an additional SOC 1 with a reporting date of January 1 through December 31. This will be issued no later than the end of February.
• Workiva will also be issuing an additional SOC 1 with a reporting date of April 1 through March 31. This will be issued no later than the end of May.

It usually takes 6-8 weeks from the end of the report period to receive the final SOC Reports. Once available, we will post them to the Security and Compliance Document Request Portal. Additionally, a Bridge Letter through the end of the quarter will be available within the first week of the new quarter.

Additional info

Amazon Web Services is a trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Google Cloud is a registered trademark of Google Inc.