Skip to main content

Hi, does anyone have a recent DocuSign SOC2 report? I am currently undergoing ISO 27001 compliance for my business and all our ‘high risk’ vendors need to have a SOC2 report. 

Thanks

@HannahCrock 

This should be included in the DocuSign Trust and Assurance Packet (STAP), which can be downloaded here.


@Michael.Rave

I am currently undergoing a SOX audit as well, and the auditors have requested a Bridge Letter for the SOC report (STAP) provided by DocuSign. Could you please guide me on how to obtain this Bridge Letter or provide the necessary document?

Thank you in advance for your assistance.


@seeurango

I am not sure what this Bridge Letter exactly is. Typically the STAP package contains all the needed information. If you need something in addition, please feel free to create a Docusign Support case or contact your Account Team to create a legal case.


@Michael.Rave 

Appreciate your response. I will reach out to my Account Team.

From what I understand on a Bridge Letter, it for a SOC report that is a document issued by a service organization to address changes or updates that occurred after the issuance of the SOC report but before the end of the period covered by the report. It helps bridge the gap between the report's issuance date and the current date, providing updated information about the service organization's controls or any significant events that might impact the report's conclusions. This ensures that stakeholders have the most current information when assessing the effectiveness of controls and risks. Hope this explains!


@seeurango 

Thank you for the additional context. After review it makes sense to raise a legal case via the account team as the right way forward.


How about making this downloadable for customers within your product? 
We have to review once a year and its more than bothersome to request and wait every year. 

 

Thanks!


Reply