Prospects, current customers, and past customers can learn how to request access to SOC1 or SOC2 reports, or a bridge letter in Gusto's Security Trust Center (a signed NDA is required).
Users Intent
Context Variations
Content
A Service Organization Controls (SOC) report is a way to make sure a company is following important rules about keeping data safe, private, and available. These reports are created by independent third-party auditors and help customers or partners check if there are any risks in working with a company.
Gusto’s reports focus on Security, Availability, and Confidentiality and can be accessed by prospects, current customers, and past customers.
Use the dropdowns below to learn more. Use CMD + F (or CTRL + F) to search for words in the article.
Reports supported by Gusto—SOC 1, SOC 2, SSAE-18, and bridge letters Gusto supports these reports for prospects, current customers, and past customers:
- SOC 1: Checks internal financial processing
- SOC 2: Focuses on IT, privacy, and technology
- SSAE-18: Enhancements to improve the SOC reports
- Bridge (gap) letters: Covers the time between the end of their last SOC report audit period and the current date.
You'll need to sign a Non-Disclosure Agreement (NDA) before you can download the reports.
Request a SOC 1 or SOC 2 report and bridge letter You'll need to sign a Non-Disclosure Agreement (NDA) before you can download the reports.
NDA already signed (within the last year)
If you already signed an NDA in the last year, you should have access to the Gusto Security Trust Center. If you do not have access, request access at the top of trust.gusto.com.
NDA needs to be signed
- Go to www.gusto.com/security.
- Under Information Security, click the SOC section.
- Click Visit our Trust Center (trust.gusto.com) to fill out a Non-Disclosure Agreement (NDA).
- In the top-right corner, click Request Access.
- Enter your details:
- First name
- Last name
- Company email address
- Company name
- Reason for requesting access
- Choose your access level:
- Full access, or
- Access to a specific document
- At the bottom of the pop-up window, click Request Access.
- A member of Gusto’s Security team will review your request. If approved, you will receive an email with the subject line: “Gusto, Inc. has shared their Trust Center with you.”
- This email may go to your spam folder. Check there if you do not see it in your inbox. It should come from: no-reply@vanta.com.
- Open the email and click the link. You will be asked to review and sign a non-disclosure agreement (NDA) before you can enter the Trust Center.
- Once you sign the NDA, return to the Trust Center.
- Go to the Resources section.
- View or download the documents you need:
- SOC 1 Type I
- SOC 2 Type II
- Gusto Bridge Letter
- Covers the time between the end of their last SOC report audit period and the current date.
Full-calendar-year reports
Gusto’s SOC reports sometimes cover from March of the previous year to February of the current year.
- Example: Mar 2024–Feb 2025
To cover a full calendar year, request access to both the current report, and an additional report, or bridge letter, for the missing period from the previous year's report (e.g., Jan–Mar '24).
To do so:
- Go to the Gusto Security Trust Center.
- Click the Resources tab.
- Review the time frames associated with the available bridge letters and SOC reports—Request access to the one the covers the missing time period.
Once you have the two reports (or a bridge letter to supplement one), you'll have covered a full calendar year.
