FAQ
FAQ’s
How to share my SOC 2 report?

How to share my SOC 2 report?

SOC 2 report is not for public sharing. This report is classified as a Restricted Use Report, which means it’s not meant to be accessible by everyone.

This is because the report has detailed insights into your company’s systems and controls, some of which might be unique to your business. From a safety standpoint, keeping this confidential information away from competitors or anyone with malicious intentions is a clever move.

However, even though you can’t openly hand out the SOC 2 report, you can of course announce that you’ve completed the attestation. This can give you an edge in the market. The AICPA has even designed a special logo for this purpose, and there are clear rules about how you can use it and share the good news with the public.

And if you still want to share it with the public, consider the SOC 3 report instead. SOC 3 report can be issued alongside your SOC 2 report without much extra effort. The SOC 3 report is different because it’s designed to be more general and accessible. The best part is that you can use it as a marketing tool to show your system’s security on your website and share it with potential clients.

Was this article helpful?

How can we improve this article?

Related questions

  • How often is HIPAA training required?
  • What is the key to HIPAA compliance?
  • What are examples of covered entities?
  • Are SOC reports public?
  • How long does a SOC 2 audit take?
  • How long does it take to get SOC 2 compliant?
  • How long is a SOC 2 report valid?
  • What does SOC 2 stand for?
  • How to review a SOC 2 report?

Get SOC 2 compliance
ready in 4 weeks!

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.