Home
/
Glossary
/
What are SOC 1, SOC 2, SOC 3 Reports?
Back to Glossary
GRC
Merav Vered
2.12.2024

What are SOC 1, SOC 2, and SOC 3 Reports?

SOC (Service Organization Control) reports are vital for demonstrating a company's commitment to managing and safeguarding data, crucial for securing business contracts and fostering growth.

SOC 1 Report

SOC 1 focuses on financial reporting. It assesses internal controls a company has in place regarding the handling of financial information of its clients. This is essential for businesses that need to report financial data to auditors. SOC 1 comes in two types: Type 1 - examining controls at a specific point in time and Type 2 - examining the effectiveness of controls over a period, such as six months.

SOC 2 Report

SOC 2 focuses on operations and compliance, with a strong emphasis on cloud computing and data security. It is guided by the Trust Services Criteria, which includes security, confidentiality, processing integrity, privacy, and availability criteria. Like SOC 1, SOC 2 is split into Type 1 and Type 2 reporting.

SOC 3 Report

It is similar to SOC 2 but designed for a general audience. It contains the same information as SOC 2 but in a format suitable for public sharing. It is often used as a marketing tool to demonstrate compliance and reliability to potential clients.

Share & Subscribe

Ready to Get Your Time Back?

Give us only 20 minutes and we will show you how to get 20 hours back.

Book a Demo

Recommended

GRC
Merav Vered
5.2.2024

What Is NIST 800-30?

NIST 800-30 is a guide from the National Institute of Standards and Technology (NIST) focused on conducting risk assessments

Read More
Security Questionnaires
Merav Vered
5.2.2024

What Is a Due Diligence Questionnaire?

A Due Diligence Questionnaire (DDQ) is a standardized set of questions designed to gather information about a potential business partner or vendor

Read More