I want access to the latest AWS System and Organization Controls (SOC) reports. The SOC reporting period isn't current. When are new SOC reports going to be available?
SOC reports are audits performed over a time period and don't expire. AWS auditors perform SOC audits twice a year over a period of 6 months: Oct 1–Mar 31 and Apr 1–Sept 30. When the audit period is over, AWS auditors prepare the audit report and release the report in May and November. You can also download the SOC Continued Operations Letter, which states that AWS continues to maintain the security controls and system environment audited and described in the latest SOC reports.
Note: AWS publishes a Continued Operations Letter SOC report instead of a bridge or gap letter. For more information, see Compliance reports.
To access SOC 1 and 2 reports and the Continued Operations Letter, see Downloading reports in AWS Artifact. If you can't download the SOC reports or Continued Operations Letter, then see Tips to troubleshoot common issues.
Note: The SOC 3 report is publicly available as a whitepaper. For more information and to download, see the AWS SOC 3 section in AWS System and Organization Controls (SOC) reports FAQs.
Important: Share AWS Artifact documents only with those you trust. AWS Artifact reports have a unique, traceable watermark that's specific to you. Don't email reports or share them online. Instead, use a secure authenticated sharing service with auditing capabilities, such as Amazon WorkDocs.
AWS Artifact FAQs
How can I download and share AWS Artifact documents with regulators and auditors, or with others in my company?