- Newest
- Most votes
- Most comments
Important NOTE - sharing the SOC 2 report requires us to follow a more formal process so that we know who has downloaded the report and how it's being used. The American Institute of Certified Public Accountants (AICPA) has rules that we must follow including the that SOC 1 or SOC 2 reports cannot be used as part of marketing/sales materials. Therefore it is critical that our customers access our certification/audit reports using AWS Artifacts so that we are properly recording these actions.
The terms and condition for the specific report are included on first page of the document you download from AWS Artifact. These T's & C's define when/if sharing is permissible. So I'd recommend that you download the current SOC 2 report and review the T's & C's against your situation.
AWS customers are able to access and download available versions of the SOC Reports (and others) through the AWS Artifact service in the management console.
Relevant content
- asked 9 months ago
- asked 3 years ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 years ago
I understand that the reports are available in Artifact, but what I need to understand is are there any limitations to share the reports with my clients (healthcare entities) who conduct annual security risk assessments against my company and require the latest SOC 2 reports. This link misses that key point and its a requirement upon me to provide such reports in exchange for them doing business with me.
The link mentioned above - https://aws.amazon.com/premiumsupport/knowledge-center/download-share-artifact-documents/