SOC 3 Report Principles of SysTrust
The SOC 3 certification report provides your customers with assurance that your technology, systems, and controls provide security, confidentiality and availability, processing integrity, and privacy according to the American Institute of Certified Public Accountants (AICPA) Trust Service Principles (TSP 100). The service organization chooses the assessment principles to use for the report.
Service organizations that do business in the U.S. or Canada and receive a SOC 3 report may display the official AICPA SysTrust* seal on their website or other marketing materials to communicate compliance with the designated trust service principles.
Difference between an SOC 2 and SOC 3
In a SOC 2 report, along with management’s description of your systems, the auditor issues an opinion about the effectiveness of your controls, processing integrity, and IT best practices, based on the criteria of the Trust Services Principles.
A SOC 3 report uses the same predefined trust services criteria as a SOC 2 report, without the auditor’s opinion, and contains a brief, unaudited description of the system. The report does not include detailed descriptions of the test of controls. And unlike a SOC 2 Type 1 examination, a SOC 3 report examination must take place over a period of time.
Value of an SOC 3 Examination
Services businesses use the SOC 3 SysTrust seal to more effectively convey an understanding and mitigation of the risks related to the five trust services principles. This report is ideal for businesses that want to show customers and prospects that their systems meet these important criteria.
Auditwerx professionals are committed to helping you understand and report on the reliability and integrity of the IT information you share with your customers and prospects.
The SOC 3 SysTrust is a registered trademark of the AICPA (American Institute of Certified Public Accounts) and CICA (Canadian Institute of Chartered Accountants). The AICPA reserves all rights of the SOC logo and service mark.