Requesting compliance documentation
Who is this article for?
Users requesting compliance documentation.
No special access or permissions are required.
This article covers the steps for requesting SOC reports, relating to your Amazon Web Services (AWS) hosted systems, and integrity statements.
1. SOC reports
SOC reports detail an organisation's operational controls and come in three types: SOC 1, SOC 2, and SOC 3. Our hosting provider, AWS, issues a SOC 2 report covering IT service controls, which customers often request.
Due to sensitive content, AWS restricts sharing the SOC 2 report to customers who provide us with a:
- signed Non-Disclosure Agreement (NDA).
- written request explaining your need for the report, which may be denied.
AWS also provides a publicly available SOC 3 report, summarising the SOC 2 report. It details AWS's compliance with AICPA's Trust Security Principles and includes an auditor's opinion. This usually suffices for most needs.
If you still require the full SOC 2 report after reviewing SOC 3, open a ticket with us.
2. Integrity statements
If you require an integrity statement, please contact your Account Manager directly.