I just want to clarify how extremely standard and often required it is to download and store your SOC2s and other such documents when going through compliance. You almost never can actually just link to a public pentest report or SOC2 etc, you almost always need to go through an NDA. It's just not really meaningful to say "but the web archive is reliable" when it's virtually never an actual option to begin with.