SOC FOR SERVICE ORGANIZATIONS: TRUST SERVICES CRITERIA FOR GENERAL USE REPORT
A SOC 3 report (referred to by some as a “SOC 3 certification”) provides a limited view of the organization’s system and controls related to information technology and data security and, therefore, is suitable to be used in the service organization’s marketing and sales efforts.
The deliverable is a general use report that provides relevant information about the security, privacy, confidentiality, availability, and processing integrity of the organization’s operational controls to decision makers at current and prospective customers. It gives the service organization the opportunity to advertise that their processes have been examined by an independent third party against any or all of these five Trust Services Criteria.
You need a SOC 3 report when:
- Your business wants to make some portions of a SOC 2 report available to the public.
If you would like to learn more about how a SOC 3 report could help you demonstrate your value to clients and prospects, please contact Auditwerx.