SOC 3
E708333
SOC 3 is a type of Service Organization Control report that provides a high-level, publicly shareable assurance about a service organization's controls related to security, availability, processing integrity, confidentiality, or privacy.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
Service Organization Control report
ⓘ
assurance report ⓘ attestation report ⓘ |
| abbreviationOf | Service Organization Control 3 NERFINISHED ⓘ |
| appliesTo |
SaaS providers
ⓘ
cloud service providers ⓘ data center providers ⓘ managed service providers ⓘ |
| assuranceLevel | high-level ⓘ |
| basedOn | Trust Services Criteria NERFINISHED ⓘ |
| canInclude | SOC 3 seal or logo for marketing materials ⓘ |
| comparedTo | SOC 2 NERFINISHED ⓘ |
| coversPrinciple |
availability
ⓘ
confidentiality ⓘ privacy ⓘ processing integrity ⓘ security ⓘ |
| detailLevel | less detailed than SOC 2 ⓘ |
| differenceFromSOC2 |
designed for broad distribution
ⓘ
less technical detail ⓘ |
| distributionRestriction | no restricted distribution ⓘ |
| evidenceType | reasonable assurance ⓘ |
| excludes |
detailed description of controls
ⓘ
results of tests of controls ⓘ tests of controls ⓘ |
| focus | controls relevant to Trust Services Criteria ⓘ |
| geographicUse | international ⓘ |
| governingBody | American Institute of Certified Public Accountants NERFINISHED ⓘ |
| includes |
independent auditor’s opinion
ⓘ
management assertion ⓘ |
| intendedAudience |
business partners
ⓘ
customers ⓘ general public ⓘ prospective customers ⓘ regulators ⓘ |
| outputFormat | short-form report ⓘ |
| prerequisite | SOC 2 examination over same system and period ⓘ |
| publicAvailability | publicly shareable ⓘ |
| relatedStandard | SOC 2 Type 2 NERFINISHED ⓘ |
| reportingFramework | AICPA attestation standards NERFINISHED ⓘ |
| reportPeriod | typically 6 to 12 months ⓘ |
| reportType | general use report ⓘ |
| scope |
controls over services provided to user entities
ⓘ
service organization controls ⓘ |
| usedFor |
demonstrating compliance with Trust Services Criteria
ⓘ
marketing ⓘ public assurance ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.