SOC 3 Report

Capitalizing on a Valuable Marketing Tool


What is a SOC 3 Report?

Similar to a SOC 2, a SOC 3 report focuses on the controls relevant to the AICPA’s Trust Services Criteria over security, availability, processing integrity, confidentiality, and privacy. Unlike a SOC 2, a SOC 3 report can be made publicly available for marketing an organization’s compliance and operations surrounding security. In order to obtain a SOC 3 report, an organization must first have a SOC 2 review completed.

What is the Difference Between a SOC 2 and SOC 3 Report?

The main difference between a SOC 2 and SOC 3 report is that a SOC 3 report has a significantly less detailed description of controls related to compliance and operations. Additionally, a SOC 3 does not include detailed testing procedures or results of testing.

Who Would Benefit from a SOC 3 Report?

Organizations whose primary goal is marketing their system/product against an industry-approved standard should select this reporting option. A SOC 3 report is a good fit for an organization that wants to make its report generally available (i.e., posted on the public internet).

Additional SOC Resource

Download our eBook, “A Comprehensive Guide to SOC Reports,” to learn additional pertinent and valuable information about SOC 3 and the other SOC reports available to your organization, SOC examinations, finding the right auditor, and much more. If you’d like to discuss how our team can help with your SOC audit needs, please contact us.
