What is the Relationship

Between SOC 2 and SOC 3?


Guidance for accountants reporting on controls of a service organization relevant to the financial reporting of user organizations was primarily included in SAS 70. This regulation focused on risks related to financial reporting. However, it was often misused for reporting on operations or compliance. The SSAE 16 and ISAE 3402 regulations were established to address these issues.

The AICPA identifies three types of Service Organization Control Reports (SOC): SOC 1 (ISAE 3402 and SSAE 16), SOC 2 (Security, Availability, Processing Integrity, Confidentiality, and Privacy), and SOC 3 (a SysTrust for Service Organizations).

For SOC 3, the AICPA has developed a standard logo.
By offering three types of reports that better meet market needs, the AICPA has effectively addressed several issues that existed with SAS 70.

Share this blog

December 18, 2024

Common cryptographic vulnerabilities Cryptography is often used in the most...

    July 16, 2024

    Detecting and bypassing anti-Adversary-in-the-Middle (AitM) tokens Within the Advanced Red...

      July 15, 2024

      What is XXE (XML eXternal Entity) injection? A lot of...