SOC2 Audit review


I am in the process of reviewing a SOC2 audit report. From what I can tell, the audit findings all seem straight forward – almost like check boxes. Is it normal to push back and request additional supporting documentation for certain control areas?