SOC 2, 3 Assessments

SOC, or Service Organization Control  is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). SOC  a final look at your organization's documents, policies, processes, and vulnerabilities before your formal audit takes place. SOC is  a process that allows organizations to identify and evaluate their information system-related risks. 

• SOC 1: It is mainly focusing on  business process controls and IT general controls, SOC 1: is essential for organizations needing compliance with SOX (Sarbanes-Oxley Act of 2002) and other regulatory applicable to publicly traded companies 
• SOC 2:  There are five trust services criteria (TSC) that can be included in a SOC 2 report: security, availability, confidentiality, processing integrity, and privacy.  that is why it is tailored for Services organizations. IT assures your clients your commitment to  SLAs. SOC 2 has two types:
  •  Type 1 (point-in-time evaluation)
  • Type 2 (evaluation over a period), 
• SOC 3: is similar to SOC 2 but they are general purposes. SOC 3 can be publicly distributed  by your organizations to border audience to gain trust of your service organization. SOC 3 cannot be assessed without going through SOC 2 assessments