Upload a SOC 2 report from a critical service organization; Verisq extracts the Complementary User Entity Controls (CUECs) and surfaces gaps against your own control environment. The CUEC review nobody does manually anymore.
Parses uploaded SOC 2 reports and identifies the CUEC section, mapping each CUEC to the relevant TSC criterion.
Each CUEC compared against your own control inventory; gaps surface as RiskOps register entries against the service organization.
SOC report expiration triggers re-extraction prompts at 60 / 30 days before report period end.
CUEC review is part of vendor risk record, not a separate workflow. Risk tier reflects open CUEC gaps.
Verisq's SOC 2 / CUEC Extraction is part of the Trust Operations Platform — one data model, one audit trail, one auditor seat.