It's everybody's favorite time of year—SOC report season!
All kidding aside, we know our annual compliance reports are important to you, and we work hard to get them to you in a timely manner. We tend to get a few questions on our compliance process, so we wanted to share with you some information on our control periods and anticipated release dates.
Workiva completes Service Organization Controls (SOC) 1 and 2 Type II reports annually. The SOC reports are performed by an independent third party and establishes that Workiva employs uniform and reliable operational controls and safeguards as a host and processor of data belonging to their customers. Workiva does not disclose the results of internal audits.
- Workiva SOC 1 Type II report has a control period that covers October 16 through October 15. This will be issued no later than the end of December.
- Workiva SOC 2 Type II report, which includes HIPAA, has a control period that covers October 16 through October 15. This will be issued no later than the end of December.
- Workiva will also be issuing an additional SOC 1 with a reporting date of January 1 through December 31. This will be issued no later than the end of February.
- Workiva will also be issuing an additional SOC 1 with a reporting date of April 1 through March 31. This will be issued no later than the end of May.
It usually takes 6-8 weeks from the end of the report period to receive the final SOC Reports. Once available, we will post them to the Security and Compliance Document Request Portal. Additionally, a Bridge Letter through the end of the quarter will be available within the first week of the new quarter.
TL;DR - our usual SOC reports will be made available on the Compliance portal by the end of December, March, and May each year.
Workiva partners with Google® and Amazon®, both of which are SOC 2, ISO 27001, 27017, and 27018 compliant.
If you have any questions, just let us know. Thanks, and have great day!
Amazon Web Services is a trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Google Cloud is a registered trademark of Google Inc.