I want to ask a question in theory. can a wholly owned subsidiary transfer or reference their SOC 2 Type 2 report to their two divisions under the parent company. So if the parent company has a third party vendor review that asks SOC related questions, can the non compliant division of the parent company answer at that point yes, when really that SOC report wasn't created from an audit of their division. Let's say the parent company is a software development shop and they spun off a hosting company. Hosting company is SOC 2, parent company is not. As they previously leveraged the SOC 2 report from the hosting division.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!