What is a SOC 3 Report?
A System and Organization Control (SOC) 3 report focuses on internal controls as they relate to the AICPA’s five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 3 is similar to the SOC 2 report, however, the difference lies in the details provided in each report. The SOC 3 report is shorter and does not contain the detailed controls and testing procedures. This report is designed for organizations that do not possess the need for or the knowledge necessary to make use of the comprehensive details contained in a SOC 2 report.
Because SOC 3 reports are considered to be general use reports, there is the option to distribute the report for marketing purposes, such as posting it to your website.