SOC2 Type 2 audits are a review of performance of controls over a period of time. Once the audit period is over, the report is prepared and made available to customers. Atlassian issues SOC2 reports covering a 12-month period (October 1 through September 30). The reports are applicable for the following 12 months, when we perform the next audits.
There are many factors that impact the release of new reports, but our external audits typically occur in November and refreshed reports are usually available by end of December each year. We also issue a 3-month bridge letter in January/February of each year that extends the coverage period through the end of January.
All SOC2 reports (and the bridge letter) can be downloaded on the Compliance Resource Center.