Request access to SOC reports and bridge letters

We support the following reports for prospects, current customers, and past customers:

• SOC 1: Checks internal financial processing

• SOC 2: Focuses on IT, privacy, and technology

• SSAE-18: Enhancements to improve the SOC reports

• Bridge (gap) letters: Cover the time between the end of our last SOC report audit period and the current date

You’ll need to sign a Non-Disclosure Agreement (NDA) before you can download the reports.

Before you download our security reports, you must sign a Non-Disclosure Agreement (NDA). We use a self-service workflow so you can sign the NDA and then access the reports.

How to sign the NDA and get our security reports:

1. Go to http://www.gusto.com/security.

2. Scroll to Information Security, then open the SOC dropdown.

3. Click the link to our Ironclad NDA form (hosted at ironcladapp.com).

4. On the form, enter:

   • Full legal name of your business

   • Full name of the person signing for your business

   • Email address of the signer

   • Job title of the signer

5. Click Submit. Our system automatically creates the NDA and refreshes the page.

6. Click Click to sign, then complete the signature steps.

7. After you sign, you see a “You’re All Set!” message. Click Download it now to save a copy of the signed NDA.

8. After the NDA is signed, we send an automatic email from “Gusto via Ironclad” via Security-GRC to the email address you entered in the NDA form.

9. Open that email (check spam if needed) and click the link in the message body. A new browser tab opens with a folder that contains our security certification reports and bridge letters.

10. View or download any report you need from that folder.