SOC 1 Type 2 overview
System and Organization Controls (SOC) for Service Organizations are internal control reports created by the American Institute of Certified Public Accountants (AICPA). They're intended to examine services provided by a service organization so that end users can assess and address the risk associated with an outsourced service.
A SOC 1 Type 2 attestation is performed under:
- SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (AICPA, Professional Standards).
- SOC 1 Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (AICPA Guide).
In addition to the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18), the Microsoft 365 SOC 1 Type 2 audit is conducted in accordance with the International Standard on Assurance Engagements No. 3402 (ISAE 3402). The SOC 1 attestation has replaced SAS 70, and it's appropriate for reporting on controls at a service organization relevant to user entities' internal controls over financial reporting. A Type 2 report includes the auditor's opinion on the effectiveness of controls in achieving the related control objectives during the specified monitoring period.
MICROSOFT 365 AUDIT REPORTS
- The Microsoft 365 SOC 1 Type 2 Reports for Central and Microservices are available for customers to download via the Service Trust Portal (Service Trust Portal Home Page).
- Bridge letters and additional audit reports are also available in the Service Trust Portal (System and Organization Controls).
- You must have an existing subscription or free trial account in Microsoft 365 or Microsoft 365 U.S. Government to download SOC 1 and SOC 2 attestation reports and any bridge letters as needed.
FREQUENTLY ASKED QUESTIONS
Where can I get the Microsoft 365 SOC audit documentation including Microsoft's bridge letters?
For links to audit documentation, see the audit report section of the Service Trust Portal. You must have an existing subscription or free trial account in Microsoft 365 or Microsoft 365 U.S. Government to sign in. You can then download audit certificates, assessment reports, and other applicable documents to help you with your own regulatory requirements.