IT Examiner School, Providence, RI

SOC 2

• The purpose of a SOC 2 report is to evaluate an organization’s information systems relevant to: – Security – Availability – Processing integrity – Confidentiality – Privacy

• A SOC 2 report includes auditor testing and results.

SOC 3

• A SOC 3 report provides the highest level of certification and assurance of operational excellence that a data center can receive.

• Since it is made available to the public, the SOC 3 report does not contain a description of the service auditor’s test work and results.

• A SOC 3 report includes a system description and the auditor’s opinion.