In taking some of the domain examines from the official practices tests book, I see there is a SOC 1 Type 1 and Type 2 report. It would make sense that there are also a SOC 2 Type 1 and Type 2 report. Is there a SOC 3 Type 1 and type 2 report? I would think there would not be.
-
Solved CISSP Question about SOC reports.
-
Adam replied:
"Greg,
Thank you for submitting what is an excellent question. You are absolutely correct. There is no type 1 / type 2 report distinction for a SOC 3 report.
A SOC 3 report is an engagement performed under AT section 101, and is also based on the criteria contained in the Trust Services Principles and Illustrations. However, unlike SOC 1 and SOC 2, SOC 3 reports do not contain a description of the auditor's results. SOC 3 reports are considered general use reports and fall under the SysTrust and WebTrust seal programs.
Hope that helps."
Cordially,
Ronnie Wong
Edutainer Manager, ACI Learning [ITPRO]
*if the post has answered the question, mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV. -
Thoughts so.
Thanks for the confirmation.