Can the SOC 2 report of a wholly owned subsidiary be used by the parent company?

5 pts.
Tags:
Software development
I want to ask a question in theory. can a wholly owned subsidiary transfer or reference their SOC 2 Type 2 report to their two divisions under the parent company. So if the parent company has a third party vendor review that asks SOC related questions, can the non compliant division of the parent company answer at that point yes, when really that SOC report wasn't created from an audit of their division. Let's say the parent company is a software development shop and they spun off a hosting company. Hosting company is SOC 2, parent company is not. As they previously leveraged the SOC 2 report from the hosting division.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: