| SOC 1 – Report on controls at the service organization relevant to the user entities’ internal control over financial reporting. i.e. If an organization was considering outsourcing payroll processing to AEP, they would want to obtain and inspect a SOC 1 (type II) report.
SOC 2 – Report based on the existing SysTrust and WebTrust principles. The purpose is to evaluate an organization’s information systems relevant to security , availability, processing, integrity, confidentiality and privacy. i.e. If an organization is looking for a colocation, this is the type of report they would most likely request. SOC 3 – Report, like the SOC 2, is based on the existing SysTrust and WebTrust principles. The difference being, the report does not detail the testing performed. This report is often used for mass knowledge or marketing. i.e. Google Docs. |
Copyright © 2024 IS Security Solutions | Powered by IS Security Solutions
Disclaimer statement
Privacy Policy
Shopping Cart
