FAQ
FAQ’s
How to share my SOC 2 report?

How to share my SOC 2 report?

SOC 2 report is not for public sharing. This report is classified as a Restricted Use Report, which means it’s not meant to be accessible by everyone.

This is because the report has detailed insights into your company’s systems and controls, some of which might be unique to your business. From a safety standpoint, keeping this confidential information away from competitors or anyone with malicious intentions is a clever move.

However, even though you can’t openly hand out the SOC 2 report, you can of course announce that you’ve completed the attestation. This can give you an edge in the market. The AICPA has even designed a special logo for this purpose, and there are clear rules about how you can use it and share the good news with the public.

And if you still want to share it with the public, consider the SOC 3 report instead. SOC 3 report can be issued alongside your SOC 2 report without much extra effort. The SOC 3 report is different because it’s designed to be more general and accessible. The best part is that you can use it as a marketing tool to show your system’s security on your website and share it with potential clients.

Was this article helpful?

How can we improve this article?

Related questions

  • Which is the latest version of the PCI DSS compliance?
  • What is the current version of ISO 27001?
  • What is PCI DSS compliance verification?
  • What are PCI DSS compliance milestones?
  • What are the three steps of PCI compliance?
  • What are the functions of PCI?
  • How often must PCI DSS compliance be validated?
  • What is required for PCI DSS compliance?
  • How to reduce PCI DSS cost?
  • Does ISO 27001 require MFA?

Found this useful?

Get SOC 2 compliance
ready in 4 weeks!

Try Sprinto

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales