Today’s Edition: Beyond the Basics of SOC 2
In the trenches of your SOC 2 compliance journey? We’re throwing you a lifeline.
All the moving parts involved in achieving SOC 2 can be daunting. Between understanding the trust services criteria, policies that should be included, and things like bridge letters and systems descriptions, you might need more guidance than you originally planned for.
A granular understanding of the nuances in SOC 2, including rigorous internal assessments and continual refinement of control mechanisms, is imperative to navigate the evolving landscape of compliance requirements and cybersecurity threats.
This edition of Trusted gets into the nitty gritty of all things SOC 2. Check it out. 👇
What Is a SOC 2 Bridge Letter? [+ Template]
Let’s say your SOC 2 report covers the period between Oct. 1, 2022 and Sept. 30, 2023. Your customer’s calendar year-end runs from Jan. 1, 2023 through Dec. 31, 2023.
Your SOC 2 report only covers nine of the 12 calendar months, which leaves a three-month coverage gap. As a service organization, how do you account for that interim period?
This is where SOC 2 bridge letters come in. We’ve covered all your FAQs about bridge letters, including:
Check out the full blog post for answers to these questions and a bridge letter template to help you get started.
⭐️DON'T MISS⭐️ Bowling Happy Hour with Drata and Mission Cloud at AWS Summit L.A.
From Drata's Experts
Trust Services Criteria: What You Need to Know
By understanding the trust services criteria, companies pursuing SOC 2 can become audit ready faster. Check out this article for a breakdown of what these criteria cover.
12 Commonly Recommended Security Policies for SOC 2
When it comes to SOC 2, implementing clear policies can improve internal processes, streamline your audits, and build trust with your customers.
SOC 2 Type 1 vs. Type 2: How They Differ
While there are similarities between the two reports, there are also distinct differences to note. This article breaks down both reports.
You’re Invited to Accelerate Your Revenue Trajectory With SOC 2 Compliance
In the rapidly evolving startup ecosystem, the conversation around compliance often takes a backseat, overshadowed by more immediate concerns and perceived primarily as a defense against cyber threats and regulatory fines. Yet, the reality is starkly different.
For startups looking to carve out a significant space in their respective industries, understanding and integrating compliance into their growth strategy is not just beneficial—it's imperative.
Join Cheryl Cage, Principal Security Partner Strategist at AWS; Mo Malayeri, CEO of Bettermode; and Ashley Hyman, VP of Customer Experience at Drata, for this webinar on May 22, 2024, to discuss what compliance looks like for startups.
Around the Web
Biden-Harris Administration Announces Key AI Actions 180 Days Following President Biden’s Landmark Executive Order | The White House
From Our Customers
Secured Jobs
Senior Compliance Officer - Bloomberg Tradebook - Legal & Compliance | Bloomberg | New York, NY
Information Systems Cybersecurity Engineer (Threat Modeling), Enterprise Systems | Apple | Austin, TX
Compliance Officer | Truist | Richmond, VA
Helpful Resources
Trusted is currently published twice a month and is designed to share the latest resources from around the compliance, risk management, and cybersecurity space. If you have suggestions or would like to include a recent article or podcast, please let us know.
🗣 Secured, The Drata Community
↘️ Trusted: Share our newsletter with others