There are three standards for Service Organization Controls (SOC) established by the American Institute of Certified Accounting Professionals (AICPA) for determining the suitability of system design and the operating effectiveness of information technology (IT) infrastructures: SOC 1, SOC 2, and SOC 3.

The SOC 3 report provides assurance about controls over privacy in addition to the security, availability, processing integrity, and confidentiality controls provided by a SOC 2 report. The SOC 3 is a certification for general release to the public and does not contain the detailed description of the testing performed by the auditor. The auditor may authorize management to declare that they have received the SOC 3: SysTrust seal certifying compliance once the service auditor has assured that the Service Organization’s information system and controls have met all of the trust services criteria according to the approved standards.
