Info about Workiva's SOC report periods and release dates
UPDATED 11/22/2024
It's everybody's favorite time of year—SOC report season!
All kidding aside, we know our annual compliance reports are important to you, and we work hard to get them to you in a timely manner. We tend to get a few questions on our compliance process, so we wanted to share with you some information on our control periods and anticipated release dates.
Workiva completes Service Organization Controls (SOC) 1 and 2 Type II reports annually. The SOC reports are performed by an independent third party and establishes that Workiva employs uniform and reliable operational controls and safeguards as a host and processor of data belonging to their customers. Workiva does not disclose the results of internal audits.
SOC reports
- Workiva SOC 1 Type II report has a control period that covers October 3 through October 2. This will be issued no later than the end of November.
- Workiva SOC 2 Type II report, which includes HIPAA, has a control period that covers October 3 through October 2. This will be issued no later than the end of November.
- Workiva will also be issuing an additional SOC 1 with a reporting date of January 1 through December 31. This will be issued no later than the end of February.
- Workiva will also be issuing an additional SOC 1 with a reporting date of April 1 through March 31. This will be issued no later than the end of May.
It usually takes 6-8 weeks from the end of the report period to receive the final SOC Reports. Once available, we will post them to the Security and Compliance Document Request Portal. Additionally, a Bridge Letter through the end of the quarter will be available within the first week of the new quarter.
TL;DR - our usual SOC reports will be made available on the Compliance portal by the end of November, March, and May each year.
Additional info
Workiva is also ISO/IEC 27001:2013 certified and is FedRAMP authorized (see here). Here is our published privacy policy with a Truste Certification: https://www.workiva.com/legal/privacy-policy
Workiva partners with Google® and Amazon®, both of which are SOC 2, ISO 27001, 27017, and 27018 compliant.
If you have any questions, just let us know. Thanks, and have great day!
Amazon Web Services is a trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Google Cloud is a registered trademark of Google Inc.
-
正式なコメント
Great news! The SOC 1 Type II and SOC 2 Type II reports are now available on the compliance portal. The bridge letter is expected to made available on December 31, 2021. We'll update you as well then the new SOC report is available in May. Thanks again and happy holidays!
Is there a reason the SOC 1 and SOC 2 reports are only through October 15 this year and not October 31? (Less than a full year)
0
Hi Alyssa!
Happy to help answer this question for you. We ended our period on October 15 to ensure the report was available before 12/31 for our customers. Moving it back enabled us to receive it much earlier in the period. You can also find our Bridge Letter on the portal which covers the days from Oct 15 to Oct 31, up until 12/31.
Hopefully that adds some clarity for you. Let us know what additional questions you have and if you need anything further. Cheers!
0
Hi! It isn't explicitly mentioned in the SOC 1 report but our Internal Audit team wanted to confirm whether Wdata is covered under the current SOC 1 report. I assume it's part of "Workiva Inc.'s Cloud-Based Collaboration Solutions and Support Operations system provided to user entities view the Workiva Platform"?
0
Hi Jho!
Thanks for the question. I can confirm, Workiva's SOC 1 covers Wdata as part of the Workiva Platform. Let me know if you need anything else.
Cheers!
Mike
0
Hi - Please can you confirm when the SOC 1 Type II report covering Nov23 thru Oct24 will be available? Thanks!
1
Hi - This website says that a SOC 1 Type 2 Bridge Letter through the end of the quarter will be available within the first week of the new quarter). However, a bridge letter covering thru Dec 11, 2024 has already been posted. Will there be another Bridge letter posted that covers thru Dec 31st?
0
Hi Kimberly,
Thanks for your question.
The December 11 bridge letter you see is in relation to the issuance of new SOC 1 and SOC 2 reports. That will not effect our standard quarter's-end bridge letter process. Our bridge letter spanning thru December 31 will be available on the Compliance Portal by end of business on our first operational day after calendar-year end, which is January 6, 2025. However, customers may also request your CSM to generate the letter sooner, beginning on January 1, 2025.Hope that helps. Let me know if you have any follow-ups or need anything else. Cheers!0サインインしてコメントを残してください。
コメント
8件のコメント