Definition

Soc 3 (Service Organization Control 3)

Alex DelVecchio, Content Development Strategist

A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls for security, availability, processing integrity, confidentiality or privacy. These five areas are the focuses of the AICPA Trust Services Principles and Criteria.

A Soc 3 reports on the same information as a Soc 2 report. The main difference between the two is that a Soc 3 is intended for a general audience. These reports are shorter and do not include the same details as a Soc 2 report, which is distributed to an informed audience of stakeholders. Due to their more general nature, Soc 3 reports can be shared openly and posted on a company’s website with a seal indicating their compliance.

This was last updated in April 2012

Dig Deeper on Cloud Computing SLAs and Legal Issues

What is risk management and why is it important?

By: Linda Tucci
enterprise risk management (ERM)

By: Dave Shackleford
Should IT use Apple Business Manager without MDM?

By: Reda Chouffani
Building an effective security operations center framework

By: Johna Johnson

Related Terms

Dig Deeper on Cloud Computing SLAs and Legal Issues

What is risk management and why is it important?

enterprise risk management (ERM)

Should IT use Apple Business Manager without MDM?

Building an effective security operations center framework