SOC3

The Service Organisation Control 3 (SOC 3) report provides information on the internal controls of the service organisation in areas of security, availability, processing integrity, confidentiality, or data protection. These five areas are the focus of the AICPA Principles and Criteria for Trusted Services.  

The SOC 3 report contains the same information as the SOC 2 report. The main difference between these two is that the SOC 3 report is intended for the general public. These reports are shorter and do not contain the same level of detail as the SOC 2 report, which is distributed only to designated stakeholders and generally on the basis of a signed NDA. Due to their more general nature, SOC 3 reports can be openly shared and posted on a company's website with a seal indicating compliance.