SOC 3 Reports



A SOC 3 report is essentially a scaled-down version of a SOC 2 report. Like a SOC 2 report, a SOC 3 report is prepared in accordance with the AT Section 101 attest standard and uses the predefined criteria in Trust Service Principles and Criteria. The primary difference between a SOC 2 and a SOC 3 report is that a SOC 3 report does not include a description of the service organization’s system nor does it contain any information on testing. It merely provides the auditor’s opinion on whether the service organization maintains effective controls over its systems.

Purpose and Intended Audience

SOC 3 reports are intended for general use: they can be freely distributed and can be publicly promoted with the AICPA SOC 3 seal on a service organization’s website. This makes SOC 3 reports the ideal marketing tool for demonstrating to current and prospective customers that a service organization has the appropriate controls in place to mitigate risks related to the security, availability, privacy and confidentiality of customer information being processed. Where affiliate companies sell goods and services on behalf of an Internet retailer and use that retailer’s transaction processing systems to do so, the affiliate company can use the Internet retailer’s SOC 3 report to address the concerns of current and prospective customers about the security and privacy of their information.

SOC 3 Report

Controls Reported On

- Non-financial controls related to compliance and operations at a service organization

- Addresses one or more of the following key system attributes – security, availability, processing integrity, confidentiality or privacy

Report Purpose

- Service organization to general public communication

- General use report

- Can be freely distributed / promoted with the AICPA SOC 3 seal on the service organization’s website

Intended Audience

- General public

Standards Under Which Engagement is Performed

- AT 101, Attestation Engagements