In taking some of the domain examines from the official practices tests book, I see there is a SOC 1 Type 1 and Type 2 report. It would make sense that there are also a SOC 2 Type 1 and Type 2 report. Is there a SOC 3 Type 1 and type 2 report? I would think there would not be.
-
CISSP Question about SOC reports.
-
Adam replied:
"Greg,
Thank you for submitting what is an excellent question. You are absolutely correct. There is no type 1 / type 2 report distinction for a SOC 3 report.
A SOC 3 report is an engagement performed under AT section 101, and is also based on the criteria contained in the Trust Services Principles and Illustrations. However, unlike SOC 1 and SOC 2, SOC 3 reports do not contain a description of the auditor's results. SOC 3 reports are considered general use reports and fall under the SysTrust and WebTrust seal programs.
Hope that helps."
-
Thoughts so.
Thanks for the confirmation.