SOC-1 reports

One response

1. It sounds like you’re facing a common challenge with SOC-1 reports, especially when dealing with subservice organizations that have changed ownership. Here are a few strategies that might help you locate the report:

   1. Reach Out to the Main Company: Since you have the SOC-1 reports for the main company, try reaching out to them for assistance. They may have a direct line to the newly acquired company’s compliance or Audit team and could facilitate the request for the SOC-1.

   2. Check with Your Contacts: If you have connections in the Audit or compliance field, consider reaching out to them. They might have insights on how to get in touch with the right people or may even have encountered similar issues themselves.

   3. Professional Networks: Utilize professional networks such as LinkedIn to connect with individuals who work at the acquiring company or the subservice. You can send a polite message outlining your request and see if they can help or direct you to the right person.

   4. Industry Groups or Forums: Sometimes, industry-specific forums or groups can be a great resource. Posting your inquiry there might lead to someone who has dealt with this subservice or has tips on how to obtain the SOC-1.

   5. Expanded Testing: If all else fails, expanded testing might be necessary. Document your efforts in obtaining the SOC-1 report to show that you’ve made reasonable attempts. This documentation can help justify your approach in case of any questions during the Audit.

   Hopefully, one of these approaches will lead you to the SOC-1 report you’re looking for! Good luck with your audit.

   Log in to Reply