Note: This feature is only available on our Growth and Enterprise plans.
A bridge letter bridges the gap between the end of the last SOC 2 audit period and the current date, to state any changes to the SOC 2 controls, if any. It is often requested by buyers.
A bridge letter usually covers:
[Static content] The beginning and end dates of the most recent SOC 2 audit period
[Static content] An explanation of any changes to the organization's systems or controls since the audit, if any
[Static content] The signer name, title, and script-like signature
[Dynamic content] The date of the letter
[Dynamic content] (Sometimes optional) The recipient of the letter (= buyer company)
Historically, InfoSec teams would need to manually create bridge letters due to the dynamic content: letter date, and letter recipient.
We automate bridge letter creation & sharing directly in your SafeBase Trust Center.
Setup
Navigate to the the
SOC 2 Report
item in theReports
card or theSOC 2
item in theCompliance
cardFrom there, click
Edit
in the top right corner.
You will see a toggle for a SOC 2 Bridge letter at the bottom of the item:
3. From there, you will be able to enter your Letter Template and Signer Name and Title.
SafeBase will automatically generate the following for your requestors when they download the letter:
[Your Company logo used on SafeBase]
{Month} {Day of Download}, {Year}
To Whom It May Concern {at Account Name *if available},
4. Once you have added your letter and details, click the Save button in the top right.
Now when your customers/prospects/partners visit your Trust Center they will be able to view or download your Bridge Letter directly from your Trust Center.
Want to learn more about how the document is generated and how it will appear to your customers and prospects?
Here is a breakdown of the Document Generation:
SafeBase features a new “SOC 2 Bridge Letter” section in the item, with PDF named
OrgName-SOC-2-Bridge-Letter
Once downloaded, the PDF incorporates (below is an example)
The logo of the org
The current date
The recipient
The letter template
The signer name, title, and signature
The signature is the signer name written in signature-like font, generated by SafeBase
(If enabled) A watermark, including an “Autogenerated for OrgName by SafeBase” footer
This is an example of what the Bridge Letter will look like: