What to actually extract from a vendor's SOC 2 report or questionnaire, and how to keep the assessment from going stale.
Vendor risk keeps this inventory, parses uploaded SOC 2 reports, and schedules reassessment by tier.