By using AWS re:Post, you agree to the Terms of Use

Share SOC Type 2 report with Clients


Being new to AWS, many of my clients are asking for me to share the latest AWS SOC Type 2 audit report as part of its vendor change, and what will be annual, security risk assessment. I need to know if I'm able to share the report with them as I was able to do that with my incumbent technical vendor.

3 Answers

Important NOTE - sharing the SOC 2 report requires us to follow a more formal process so that we know who has downloaded the report and how it's being used. The American Institute of Certified Public Accountants (AICPA) has rules that we must follow including the that SOC 1 or SOC 2 reports cannot be used as part of marketing/sales materials. Therefore it is critical that our customers access our certification/audit reports using AWS Artifacts so that we are properly recording these actions.

answered 9 months ago
Accepted Answer

The terms and condition for the specific report are included on first page of the document you download from AWS Artifact. These T's & C's define when/if sharing is permissible. So I'd recommend that you download the current SOC 2 report and review the T's & C's against your situation.

answered 9 months ago
profile picture
reviewed 9 months ago

AWS customers are able to access and download available versions of the SOC Reports (and others) through the AWS Artifact service in the management console.

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions