Objective:

• To understand where to obtain SOC (System and Organization Controls) Reports

Environment:

• PDF viewer
• Internet Browser

Additional Information:

PolicyStat periodically receives requests from IT Security teams for SOC reports pertaining to the security controls in place for our cloud environment.

The currently available SOC reports are through Amazon Web Services (AWS), the web hosting/cloud provider platform that powers all of PolicyStat. At this time we do not have a SOC report that is specific to PolicyStat.

Answer:

AWS SOC 3

For AWS SOC 3, a Security, Availability & Confidentiality Report is available as a whitepaper here.

AWS SOC 1 or AWS SOC 2

For AWS SOC 1 or AWS SOC 2, these reports are protected by a non-disclosure agreement (NDA) with AWS, and thus PolicyStat is not permitted to share them directly with our customers.

A security, availability, and confidentiality report pertaining to these services can be requested from AWS via this link: https://aws.amazon.com/compliance/soc-faqs/

Please note, this does require creating an AWS account to complete the request.