This SOC 2 review template is designed to help organizations conduct a thorough review of a third-party vendor’s SOC 2 report. This template includes the following sections:

• Basic Review: Covers essential details like company information, types of data processed, auditor’s opinion, examination period, any noted exceptions or deviations, and conclusion of a review.
• Advanced Review: Adds further assurance to gain additional assurance in the specified functional areas.
• Guidance: Offers tips on where to find specific pieces of information within SOC 2 reports (e.g., auditor’s opinion, data processed, exceptions).
• CUECs, UERs, and CSOCs: Details on complementary controls that rely on both the vendor and the client to ensure the security of the service.