A SOC bridge letter is an essential document that assures your current and potential clients that your organization remains SOC compliant during the period between the expiration of the previous year’s SOC audit and the completion of the next year’s. Typically, a SOC 1 or 2 certification only covers a portion of a business’s fiscal year. For example, if a company’s SOC 2 certification covers November 1st, 2019 through October 31st, 2020, but the company’s fiscal year ends on December 31st, 2020, then a bridge letter would be shown to clients during the gap period.
A bridge letter covers the gap between the end of a previous SOC certification and the completion of the next year’s certification. The document shows clients and customers that there have not been any significant changes in the strength of internal controls during that gap period. This helps maintain your customers’ confidence during the uncovered period.
How Long Does A SOC Bridge Letter Cover?
Generally, a bridge letter will cover a period of up to three months. If your organization needs coverage for more than three months, it may be time to perform your next SOC audit. Since bridge letters only cover a short time, it is critically important that your organization’s SOC audits are completed in the correct time frame so that there are no uncovered gaps.
Components Of A SOC Bridge Letter
Some of the most defining elements in a bridge letter are:
- The period of the most recently completed SOC certification with dates
- Descriptions of any changes to the organization’s internal controls, or a statement that there were no significant changes
- A statement that confirms that there have not been any changes that would make the organization no longer SOC compliant
- A statement that the letter concerns only the organization in question and does not apply to any other organization
What Is Their Purpose and When Are They Used?
As stated before, a bridge letter assures your clients or customers that your organization is compliant even during gap periods. It is becoming more common for clients to work only with SOC-compliant organizations. Maintaining coverage during the gap period with a bridge letter could be crucial to keeping your clients on board. A bridge letter does not replace your next SOC certification, but it is a great way to provide peace of mind to your clients or customers during the interim period between SOC audits.