SOC2 audits are a review of performance of controls over a period of time. Once the audit period is over, the report is prepared and made available to customers. Atlassian issues SOC2 reports covering a 12-month period (November 1 through October 31). The reports are applicable for the following 12 months, when we perform the next audits. There are many factors that impact the release of new reports, but our external audits typically occur in November and refreshed reports are usually availableby early January each year. Therefore, our report dated 2019 is valid and current through all of 2020.
Based on Atlassian’s full-year of coverage within our SOC2 report cycles, we can provide a bridge letter or gap letter. This document can be downloaded under the same click-through NDA as the SOC2 report on our Compliance Page.