Summary
It is one of your critical vendors. They'll have access to your most sensitive data. You need an in-depth analysis of their security practices to ensure that your data will be safe with them. So you request their SOC 2 Audit Report...
Four hours into reviewing a 95-page document, you think, there has to be a better way!
Introducing Whistic's AI-powered SOC 2 Summarization tool. It reviews and analyzes SOC 2 reports, providing a detailed executive summary that includes everything you need to know about that vendor's security controls as outlined in the SOC 2.
Important: If you haven't yet reviewed Whistic's AI & Security policies covering how information is accessed, stored, and used, please review them for more information.
🚀 Getting Started
The SOC 2 Summarization feature is available for critical vendors who have access to your most sensitive data and require in-depth security analysis.
Requirements:
- Document must be a PDF file uploaded to the vendor's Document Repository
- Document must be an actual SOC 1 or SOC 2 report (other document types are not currently supported)
- Document must not be encrypted or password protected
📝 How to Request a Summary
- From the top menu, click on Assess Vendors
- Open the Vendor record that you wish to conduct a SOC Summary on
- Open the Vendor Detail page
- Go to the vendor's Document Repository dropdown
- Upload the vendor's SOC 2 Audit Report
- Select the Summarize SOC 2 button
- A window will appear displaying documents available for summarization.
  - To be eligible for summarization, the document must be a PDF file type uploaded to the vendor's Document Repository.
  - Additionally, each account is allotted a certain number of Summaries. Upon requesting a new one, you'll see how many requests remain. If there are no longer any Summary credits available, please contact your CSM.
  - Whistic AI will create a summary of the SOC 2 from a PDF in your Document Repository. This process will take a few minutes. The summary will appear in the Document Repository once complete.
- Select the document to be summarized
  - Currently only SOC 1 and SOC 2 reports are supported. If you select a different type of report, it will fail.
- Select Create Summary
- Within a few minutes, a new document will appear in the vendor's Document Repository. The new document will:
  - Appear automatically once complete, no need to refresh
  - Use the same Name as the original document with 'Summary' appended - not original_document - Summary.pdf
  - Have a Source = AI Generated
- Once the summary is available, you'll receive a message in the Notification Center (see the 'bell' icon in the upper right). If the file does not appear within 30 minutes, please contact support@whistic.com.
- Finally, not only will you get the summarized document, but much of the key information extracted will be available in a new reporting index called SOC 2 Summaries.
NOTE: The green, red and white icons have the following meanings:
- A Green checkmark indicates that both a policy review and verification of the organization's compliance with its policies was successful.
- A Red 'X' signifies an exception. These also appear with additional context in the Exception section near the start of the SOC 2 Summary.
- A White Dash typically indicates that the security control was not verified during the audit period. This doesn't necessarily mean a failure; rather, the specific control referenced something that wasn't available for verification during the audit period.
⚠️ Troubleshooting Timeouts
Timeouts for SOC 2 Summaries typically occur due to the following issues:
- The document being used is not actually a SOC 2 report
- The file is encrypted
- The file is password protected (read, edit, etc.)
If you receive a timeout error when generating a SOC 2 summary, please follow these steps:
- Open the document to confirm it is a SOC 2 report
  - The document cannot be a bridge letter or another type of document
  - If it is not a SOC 2, please obtain a SOC 2 from the vendor before attempting again
- If the document is a SOC 2, check if it is encrypted or password protected
  - Whistic does not support password protected or encrypted files, as the AI is blocked when trying to parse these files
  - If this is the case, you will need to obtain a non-password protected/encrypted version of the SOC 2 report to proceed
❓ FAQ
Does this support file types other than PDF?
No
Does this support other types of reports than SOC2s?
We currently support summarizing SOC1 and SOC2 reports. If you attempt to summarize a different type of report, the process will fail. (Please let us know what other report types you are interested in summarizing – different document types will be supported soon.)
Can I select more than one document at once?
No
Will this work for SOC 2 reports gathered from a questionnaire?
Yes
Will this work for SOC 2 reports gathered from an issue?
No, we are still working on this.
Can I view the summary without needing to download?
Yes