
SOC Review

Written by Anand Kumar Sengottaiyan
Updated over 2 months ago

Overview

Long SOC 1 and SOC 2 reports are always a challenge to read: they are packed with details such as scope, CUEC mapping, subservice organizations, and exceptions that all need validation. Manually digging through these documents takes time and risks overlooking critical issues.

Numero extracts the key details into an easy-to-read view, automatically highlighting important points. Users can also download the structured metadata into a spreadsheet, with each section organized into separate sheets that follow company standards.

Step by step guide

Accessing and Uploading SOC Reports

Log in to Numero and go to Internal Documents to access your repository. Click Add Documents to upload a SOC report, which Numero’s AI will automatically categorize and process. For a detailed walkthrough, see Manually Adding Documents to the Repository.

If you have connected a cloud drive such as SharePoint, add your files to your cloud folder and Numero will automatically sync the new files.

Viewing SOC Report Details

Once the document is processed, click the SOC document name to open a detailed view, where Exceptions highlights any deviations, Subservice Orgs displays third-party controls within the report’s scope, and CUEC Mapping outlines user entity responsibilities. Numero also provides citations indicating the exact source of the information within the document, so you don’t have to scan through the entire document to locate the details it highlights.

Cover Sheet: Provides a quick snapshot of the SOC report, including the service organization, report type, coverage period, and auditor’s opinion. This summary helps you confirm the report’s scope and key details at a glance, without reading through the full document. You can also edit the content, and by clicking the book icon, you can view the corresponding citation from the report, with the relevant text highlighted for easy reference.

Exceptions: Shows any deviations noted in the SOC report, or confirms when none are found. These exceptions reflect differences between the controls the service organization provides and what client entities are expected to manage or rely on.

Subservice Orgs: Lists the Complementary Subservice Organization Controls (CSOCs), third-party service providers, that are carved out of the SOC report’s scope. These are usually noted explicitly in the report to clarify which controls remain outside the auditor’s review.

If something’s missing, you can easily add it yourself by clicking “+Add”.

CUEC Mapping: Details Complementary User Entity Controls, which outline the responsibilities client organizations must implement on their side. These are typically specified in the SOC report to clarify the shared responsibility between the service provider and its users. As above, add your own entries by clicking “+Add”.

Linked Documents: You can link relevant documents, such as bridge letters, to the selected SOC report. This allows you to review all related materials in one place.

Downloading or Exporting SOC Reports

When reviewing a document, you’ll notice the original SOC report (and bridge letter, if included) on the right-hand side for easy comparison. You can:

Click the download icon in the top-right corner to download the SOC report or the extracted information:

  • Download - Downloads the SOC report document.

  • Export SOC Report - Downloads the extracted details as a spreadsheet.

This ensures you always have both the source and AI-extracted data at your fingertips.

Troubleshooting

  • Sync Failure: If your SOC report isn’t visible, ensure it’s in a supported format (.pdf or .docx) and allow some time for processing.

  • Missing Data in Tabs: Ensure the correct SOC PDF and the corresponding bridge letters are uploaded. If the problem persists, reach out to us.
