SOC report asked by my internal compliance team

Hey guys,

Someone from the compliance team just contacted me asking for the SOC report for Redash. Do you know what is the correct way to get it? I know the project went fully Open Source but i dont know what happens when theres a project like this… Any clue?