SOC 3 Privacy Notice

SOC 3 PRIVACY NOTICE: A SOC 3 report is an independent auditor’s review of a service organization’s application of criteria related to one or more of the Trust Services Principles, which are:

  1.   Security: The system is protected against unauthorized access (both physical and logical).
  2.   Availability: The system is available for operation and use as committed or agreed.
  3.   Processing integrity: System processing is complete, accurate, timely, and authorized.
  4.   Confidentiality: Information designated as confidential is protected as committed or agreed.
  5.   Privacy: Personal information (i.e., information that is about or can be related to an identifiable individual) is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA.

Under a SOC 3 report, management of a service organization asserts that, during the period covered by the report and based on the AICPA Trust Services criteria, the service organization maintained effective controls over the system under examination to satisfy the stated trust services principle(s) and criteria. Compared to the SOC 2 report, the SOC 3 assertion and system description are more general and can be used for distribution to the public.
