What is the Relationship

Between SOC 2 and SOC 3?


Guidance for accountants reporting on controls of a service organization relevant to the financial reporting of user organizations was primarily included in SAS 70. This regulation focused on risks related to financial reporting. However, it was often misused for reporting on operations or compliance. The SSAE 16 and ISAE 3402 regulations were established to address these issues.

The AICPA identifies three types of Service Organization Control Reports (SOC): SOC 1 (ISAE 3402 and SSAE 16), SOC 2 (Security, Availability, Processing Integrity, Confidentiality, and Privacy), and SOC 3 (a SysTrust for Service Organizations).

For SOC 3, the AICPA has developed a standard logo.
By offering three types of reports that better meet market needs, the AICPA has effectively addressed several issues that existed with SAS 70.

Share this blog

Copy link

Other Related Blogs

July 16, 2024

Detecting and bypassing anti-Adversary-in-the-Middle (AitM) tokens

Detecting and bypassing anti-Adversary-in-the-Middle (AitM) tokens Within the Advanced Red...

    July 15, 2024

    What is XXE (XML eXternal Entity) injection?

    What is XXE (XML eXternal Entity) injection? A lot of...

      July 5, 2024

      Is the local administrator’s password reused in your environment?

      Is the local administrator’s password reused in your environment? The...