System and Organization Controls 3
Date Published
2011
Category
Information Security
Description
SOC 3 is a public report that provides a summary of a service organization's internal controls over security, availability, processing integrity, confidentiality, and privacy. Unlike SOC 2, which provides detailed information about these controls for specific stakeholders, SOC 3 is designed to be shared with the public to demonstrate that the organization meets trust service principles without disclosing sensitive details.
Overview
SOC 3 is intended for service organizations that want to publicly demonstrate their commitment to security, availability, and privacy without disclosing the detailed audit reports provided in SOC 2. Its purpose is to provide a high-level, publicly shareable certification of compliance with trust service principles.
Related Information Security Frameworks
APPs
Australian Privacy Principles
Information Security
Learn More
CJIS
Criminal Justice Information Services Security Policy
Information Security
Learn More
CMMC
Cybersecurity Maturity Model Certification
Information Security
Learn More
COBIT
Control Objectives for Information and Related Technologies
Information Security
Learn More
EN 303 645
EN 303 645 Standard
Information Security
Learn More
FedRAMP
Federal Risk and Authorization Management Program
Information Security
Learn More