Yes. The most savings (for both dollars and time) will come by combining the testing efforts. Many framework criteria overlap (such as logical access), therefore if you test logical access once, you can meet the requirements of different frameworks.

For reporting, you can use your SOC 2 report as the basis, but can add on the reporting to other frameworks in an unaudited section 5 mapping (most common), or by doing a SOC 2+ report, which combines the criteria of SOC 2 and the other framework in a single opinion (less common due to increased level of effort).

Did this answer your question?