SOC 3 Reports

If your company provides specific services to customers, you want your customers to feel that they are working with a reliable organization that can be trusted to keep their data and information secure and confidential at all times. SOC 3 reports are attestation engagements performed by a certified public accountant that give the assurance that your service organization has a system of controls in place to adhere to the 5 Trust Services Principals of Security, Availability, Processing Integrity, Confidentiality, and Privacy for all shared data and information. A SOC 3 report can be issued for any one or all five Trust Services Criteria.


soc_logo
  • A SOC 3 report covers the same predefined principles as a SOC 2 report, but provides only the auditor’s report on whether the system achieved the trust services criteria, and does not provide a description of tests and results or opinion on the description of the system. The SOC 3 is a general-use report that permits the service organization to use the SOC 3 seal on its website. A SOC 2 report is restricted to use by existing user entities and their auditors, not for potential customers.

  • A SOC 3 report can give your customers the assurance that the information and data they give to your company will be kept secure and confidential. The report will show them that your service organization has been audited by an unbiased, third-party CPA with extensive experience in performing these audits and that your service organization’s controls are suitably designed and effectively meet control objectives. In addition, your service organization will be able to display a SOC 3 logo from the American Institute of Certified Public Accountants (AICPA) on your website as a way to market your services*.
    *SOC 2 Type II attestation is required in order to receive a SOC 3 report.