What is a SOC 3 Report?
If your company provides specific services to customers, you want your customers to feel that they are working with a reliable organization that can be trusted to keep their data and information secure and confidential at all times. SOC 3 reports offered by I.S. Partners, LLC are attestation engagements performed by a certified public accountant that give the assurance that your service organization has a system of controls in place to adhere to the 5 Trust Services Principals of Security, Availability, Processing Integrity, Confidentiality, and Privacy for all shared data and information. A SOC 3 report can be issued for any one or all five trust services principles.
What is the difference between a SOC 3 and a SOC 2 report?
A SOC 3 report covers the same predefined criteria as a SOC 2 report, but provides only the auditor’s report on whether the system achieved the trust services criteria, and does not provide a description of tests and results or opinion on the description of the system. The SOC 3 is a general-use report that permits the service organization to use the SOC 3 seal on its website. A SOC 2 report is restricted to use by existing user entities and their auditors, not for potential customers.
How do I use the SOC 3 report to help my customers?
A SOC 3 report from I.S. Partners, LLC can give your customers the assurance that the information and data they give to your company will be kept secure and confidential. The report will show them that your service organization has been audited by an unbiased, third-party CPA firm, and that your service organization’s controls are suitably designed and effectively meet control objectives. In addition, your service organization will be able to display a SOC 3 logo from the American Institute of Certified Public Accountants (AICPA) on your website as a way to market your services. I.S. Partners’ auditors have extensive experience in performing these audits.
The SOC 3 Seal of Excellence
The SOC 3 seal is granted in accordance with the same standards as SOC 2, and is illustrated on a general-use report that provides only the auditor’s report on whether the system achieved the trust services criteria (no description of tests and results or opinion on the description of the system.) The auditor’s report and seal may be posted on the recipient’s website and marketing materials.