There are three main SOC reporting frameworks: SOC 1, SOC 2, and SOC 3. SOC 1 is focused on ‘Internal Control over Financial Reporting’ and is relevant for organizations that impact their clients’ financial statements. SOC 2 is focused on ‘Trust Services Criteria’âSecurity, Availability, Processing Integrity, Confidentiality, and Privacyâmaking it the standard for technology and cloud companies. SOC 3 is essentially a simplified, public-facing version of the SOC 2 report. While SOC 2 reports are detailed and restricted to existing customers under an NDA, a SOC 3 report is a general-use document that can be posted on a website or used for marketing to show that the company has passed its security audit.
