SOC 3 Report

Capitalizing on a Valuable Marketing Tool

What is a SOC 3 Report?

Similar to a SOC 2, a SOC 3 report focuses on the controls relevant to the AICPA’s Trust Services Criteria over security, availability, processing integrity, confidentiality, and privacy. Unlike a SOC 2, a SOC 3 report can be made publicly available for marketing an organization’s compliance and operations surrounding security. In order to obtain a SOC 3 report, an organization must first have a SOC 2 review completed.

What is the Difference Between a SOC 2 and SOC 3 Report?

The main difference between a SOC 2 and SOC 3 report is that a SOC 3 report has a significantly less detailed description of controls related to compliance and operations. Additionally, a SOC 3 does not include detailed testing procedures or results of testing.

Who Would Benefit from a SOC 3 Report?

Organizations whose primary goal is marketing their system/product against an industry-approved standard should select this reporting option. A SOC 3 report is a good fit for an organization if they want to make their report generally available (i.e., posted on the public internet).

What type of SOC Report does my organization need?

Do You Need a SOC Report? Request a Consultation

Contact Us