As a private company, Simplifya is not required to obtain a SOC (System and Organization Controls) Report. However, we are a compliance company with a very security-minded approach to its business. That focus is the primary reason we selected AWS as our hosting provider.
AWS does share a collection of recent SOC reports. The SOC 3 is available to the public, but SOC 1 and SOC 2 reports are subject to NDA. If you need a copy of an AWS SOC 1 or SOC 2 report, please submit a request to security@simplifya.com.
AWS SOC 1 Report
The AWS SOC 1 Type 2 report evaluates the effectiveness of AWS controls that might affect your internal controls over financial reporting (ICFR). The audit is performed according to the SSAE 18 and ISAE 3402 standards. Current report:
- Report covering July 1, 2023 to June 30, 2024 (requires NDA)
AWS SOC 2 Report
The AWS SOC 2 Type 2 report evaluates the AWS controls that meet the criteria for security, availability, and confidentiality in the American Institute of Certified Public Accountants (AICPA) TSP section 100, Trust Services Principles and Criteria. Current report:
- Report covering April 1, 2023 to March 31, 2024 (requires NDA)
AWS SOC Continued Operations Letter
Based on their full year of coverage within SOC 1 and 2 report cycles, AWS publishes this SOC Continued Operations Letter instead of a bridge or gap letter. This document states that AWS continues to maintain the security controls and system environment that was audited and described in the latest SOC 1 and SOC 2 reports. Current letter:
- Letter covering June 1, 2024 to November 1, 2024 (requires NDA)
AWS SOC 3 Report
The SOC 3 is a summary of the AWS SOC 2 report; it outlines that AWS meets the AICPA trust principles in its SOC 2 audit report and includes the external auditor’s opinion of the operation of controls. Current report:
Comments
0 comments
Please sign in to leave a comment.