Skip to main content

FAQs: Secureframe SOC 2 report and Trust Center access

Written by Brady Price

Requesting Secureframe's SOC 2 report

Customers and prospects often need Secureframe's SOC 2 Type 2 report for vendor due diligence, security reviews, or procurement. This article explains how to request and download it.

Where can I find Secureframe's SOC 2 report?

  • Secureframe's most recent SOC 2 Type 2 report is available through our public Trust Center at trust.secureframe.com. Open the Trust Center, go to Resources, and request access to the SOC 2 report. After your request is approved, you can download the document directly from the Trust Center.

How do I upload Secureframe's SOC 2 report to a vendor record in Secureframe?

  • Download the report from trust.secureframe.com after your access request is approved. Then in Secureframe, open Vendor Risk Management, select the Secureframe vendor record (or create one), and upload the SOC 2 report as the vendor compliance document. Set the activity completion date to the report coverage period end date shown on the report, not the date you uploaded the file.

How long does it take to get access to Secureframe's SOC 2 report?

  • Most requests submitted through Secureframe's Trust Center are reviewed and approved within 1 to 2 business days. Access is usually granted immediately after approval. You may need to accept an NDA or click-through agreement before downloading. Requests submitted outside business hours are typically reviewed the next business day.

Do I need to sign an NDA to access Secureframe's SOC 2 report?

  • Yes. Secureframe's Trust Center typically requires requesters to accept an NDA or click-through agreement before downloading the SOC 2 report. Complete the agreement in the Trust Center request flow. Secureframe does not provide a separate offline NDA process for standard report requests.

A customer or prospect asked for our latest SOC 2 Type 2 report. What should we send?

  • If you are a Secureframe customer asking on behalf of your own customers, direct them to your published Trust Center URL (if enabled) or share your SOC 2 report through your Trust Center access workflow. If the requester needs Secureframe's report because Secureframe is your vendor, direct them to trust.secureframe.com.


Sharing your own SOC 2 report through Trust Center

If you use Secureframe Trust Center to share your company's SOC 2 report with customers and prospects, use the guidance below.

How do I require an NDA before someone downloads our SOC 2 report from Trust Center?

  • In Trust Center settings, configure document access controls and NDA requirements for protected resources. You can require requesters to accept your NDA (or a click-through agreement) before they download your SOC 2 report. Publish the Trust Center after updating settings. Secureframe does not provide a sample NDA template; consult your legal counsel to draft language that fits your business.

How do I set up an NDA (DBA) when someone requests our report through Trust Center?

  • Configure NDA settings under Trust Center > Settings > NDA. You can upload your NDA document or use a click-through agreement. When a requester asks for a protected document, they are prompted to accept the NDA before download. You can export a list of NDA acceptances from Trust Center NDA settings. If Trust Center is not enabled on your plan, contact your Customer Success Manager at [email protected].

Does Secureframe provide a standard NDA template for sharing SOC 2 reports?

  • No. Secureframe does not provide a sample NDA template for sharing your SOC 2 report. We recommend working with your legal counsel to draft an NDA that aligns with your business needs and legal requirements.

Did this answer your question?