Definition

Soc 3 (Service Organization Control 3)

Alex DelVecchio, Content Development Strategist

A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls for security, availability, processing integrity, confidentiality or privacy. These five areas are the focuses of the AICPA Trust Services Principles and Criteria.

A Soc 3 reports on the same information as a Soc 2 report. The main difference between the two is that a Soc 3 is intended for a general audience. These reports are shorter and do not include the same details as a Soc 2 report, which is distributed to an informed audience of stakeholders. Due to their more general nature, Soc 3 reports can be shared openly and posted on a company’s website with a seal indicating their compliance.

This was last updated in April 2012

Dig Deeper on Cloud Computing SLAs and Legal Issues

What is risk management and why is it important?

By: Linda Tucci
Should IT use Apple Business Manager without MDM?

By: Reda Chouffani
IT governance must catch up with DevSecOps, experts say

By: Beth Pariseau
AWS Control Tower aims to simplify multi-account management

By: Stephen Bigelow

Related Terms

Dig Deeper on Cloud Computing SLAs and Legal Issues

What is risk management and why is it important?

Should IT use Apple Business Manager without MDM?

IT governance must catch up with DevSecOps, experts say

AWS Control Tower aims to simplify multi-account management