#1: What Is the Difference Between SOC 1, 2 and 3?
System and Organization Controls (SOC) reports, still widely known by the AICPA's older name Service Organization Control, are attestation reports issued by an independent CPA firm under AICPA standards; strictly speaking they are not certifications, although the term is common. There are three types of report, named SOC 1, SOC 2 and SOC 3. SOC 1 and SOC 2 each come in a Type I form (the design of controls at a point in time) and a Type II form (design and operating effectiveness tested over a period, typically six to twelve months); the Type II report is the one with evidentiary value.
SOC 1 covers the controls at a service organization that are relevant to its customers' internal control over financial reporting (ICFR). It is used by payroll processors, transaction processors, data centers hosting financial systems and other providers whose services feed into their customers' financial statements, and it is performed under the AICPA's SSAE 18 standard. SOC 2 covers controls relevant to the security, availability, processing integrity, confidentiality and privacy of the systems a provider uses to store or process customer data, financial or otherwise, measured against the AICPA's Trust Services Criteria (formerly the Trust Services Principles). It is this latter report that software and cloud providers most often use to demonstrate their technology controls and processes. Security is the only mandatory criterion; the other four are included at the service organization's option, so read the scope section of any SOC 2 report to see which criteria and which systems it actually covers. A SOC 2 report is a restricted-use document, shared with customers and prospects under NDA, because it describes the controls and the auditor's test results in detail.
SOC 3 differs from the other two not in what is examined but in what is published. It is a general-use report on the same Trust Services Criteria as a SOC 2 examination, but it contains only the auditor's opinion and a high-level system description, omitting the detailed control descriptions and test results, so it holds no confidential information and can be posted publicly. SOC 3 reporting grew out of the AICPA's SysTrust and WebTrust seal programs and is still used as a public seal. It therefore suits organizations that simply want to market their compliance to the marketplace at large; anyone doing due diligence on a provider should ask for the SOC 2 Type II report instead, since the SOC 3 does not show which controls were tested or whether any exceptions were noted.
Source: DRJ New feed