Automated SOC 2 Bridge Letters
Written by Sean Donovan
Updated over a week ago

Note: This feature is only available on our Growth and Enterprise plans.

A bridge letter covers the gap between the end of the last SOC 2 audit period and the current date, and states what changes, if any, have been made to the SOC 2 controls in that time. Buyers often request it.

A bridge letter usually covers:

  • [Static content] The beginning and end dates of the most recent SOC 2 audit period

  • [Static content] An explanation of any changes to the organization's systems or controls since the audit

  • [Static content] The signer name, title, and script-like signature

  • [Dynamic content] The date of the letter

  • [Dynamic content] (Sometimes optional) The recipient of the letter (= buyer company)

Historically, InfoSec teams had to create bridge letters manually because of the dynamic content: the letter date and the letter recipient.

We automate bridge letter creation & sharing directly in your SafeBase Trust Center.

Setup

  1. Navigate to the SOC 2 Report item in the Reports card or the SOC 2 item in the Compliance card.

    1. From there, click Edit in the top right corner.

  2. You will see a toggle for a SOC 2 Bridge letter at the bottom of the item:

  3. From there, you will be able to enter your Letter Template and Signer Name and Title.

SafeBase will automatically generate the following for your requestors when they download the letter:

[Your Company logo used on SafeBase]
{Month} {Day of Download}, {Year}
To Whom It May Concern {at Account Name *if available},

  4. Once you have added your letter and details, click the Save button in the top right.

Now, when your customers, prospects, or partners visit your Trust Center, they will be able to view or download your Bridge Letter directly from it.

Want to learn more about how the document is generated and how it will appear to your customers and prospects?

Here is a breakdown of the Document Generation:

  1. SafeBase features a new “SOC 2 Bridge Letter” section in the item, with a PDF named OrgName-SOC-2-Bridge-Letter.

  2. Once downloaded, the PDF incorporates the following (an example is shown below):

    1. The logo of the org

    2. The current date

    3. The recipient

    4. The letter template

    5. The signer name, title, and signature

      1. The signature is the signer name written in a signature-like font, generated by SafeBase

    6. (If enabled) A watermark, including an “Autogenerated for OrgName by SafeBase” footer

This is an example of what the Bridge Letter will look like:
