What is a SOC 3 Report?
If your company provides specific services to customers, you want your customers to feel that they are working with a reliable organization that can be trusted to keep their data and information secure and confidential at all times. SOC 3 reports offered by I.S. Partners, LLC are attestation engagements performed by a certified public accountant that give the assurance that your service organization has a system of controls in place to adhere to the 5 Trust Services Principals of Security, Availability, Processing Integrity, Confidentiality, and Privacy for all shared data and information. A SOC 3 report can be issued for any one or all five Trust Services Criteria.
What is the difference between a SOC 3 and a SOC 2 report?
A SOC 3 report covers the same predefined principles as a SOC 2 report, but provides only the auditor’s report on whether the system achieved the trust services criteria, and does not provide a description of tests and results or opinion on the description of the system. The SOC 3 is a general-use report that permits the service organization to use the SOC 3 seal on its website. A SOC 2 report is restricted to use by existing user entities and their auditors, not for potential customers.
Use the SOC 3 report to help your customers
A SOC 3 report can give your customers the assurance that the information and data they give to your company will be kept secure and confidential. The report will show them that your service organization has been audited by an unbiased, third-party CPA firm with extensive experience in performing these audits and that your service organization’s controls are suitably designed and effectively meet control objectives. In addition, your service organization will be able to display a SOC 3 logo from the American Institute of Certified Public Accountants (AICPA) on your website as a way to market your services*.
*SOC 2 Type II attestation is required in order to receive a SOC 3 report.
I.S. Partners Seal of Approval
The SOC 3 seal is granted in accordance with the same standards as SOC 2, and is illustrated on a general-use report that provides only the auditor’s report on whether the system achieved the trust services criteria (no description of tests and results or opinion on the description of the system.) The auditor’s report and seal may be posted on the recipient’s website and marketing materials.
Start the process of obtaining your SOC 3 Seal of Excellence by requesting a quote.
Learn More About SOC 3
Frequently Asked Questions
- What is the difference between a Type I audit and a Type II audit?
A Type I audit results in a report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specific date. A Type II audit is the same as a Type I audit but with a report on the operating effectiveness of the controls throughout a specified period.
- Why is I.S. Partners qualified to perform SOC audits?
I.S. Partners, LLC is a Certified Public Accounting firm registered with the AICPA (American Institute of Certified Public Accountants) and PCAOB (Public Company Accounting Oversight Board), and is managed by a group of highly-seasoned partners who have vast experience in performing SAS 70 / SSAE 16 / SOC audits, FISMA, HIPAA HITECH, Sarbanes-Oxley (Section 404) management self-assessments, Model Audit Rule compliance, and other specialized information technology audits.