The reports of controls called SOC1, SOC2 and SOC3.

The SOC1 report specifically addresses the internal controls of the service provider relevant to the financial statements of its customers and aims to basically establish communication between the auditors of the service providers and companies. your client companies.

SOC 2 is an audit report on controls related to one or more of the following areas: security, availability, processing integrity, confidentiality and privacy. The scope of the report varies depending on which of these attributes the service provider decides to include. SOC 2 audits are performed against American standards.

SOC 1 and SOC 2 reports can be either Type 1 or Type 2. A Type 1 report is restricted to an assessment of how security controls are designed. It does not include an assessment of the effectiveness with which the controls are operating. A Type 2 report includes an assessment of the design and operational effectiveness of security controls.

SOC 3 presents information on aspects of security, privacy, availability, confidentiality and integrity in processing, in accordance with the Trust Services Principles and Criteria established by AICPA and the Canidian Institute of Chartered Accountants (CICA). SOC3 reports can be associated with registered trademarks of these institutes called SysTrust® and WebTrust® and posted on a website.