SOC 3 reports are a very important component of reporting on controls at service organizations, with many technology entities now moving forward with SOC 3 compliance. The five (5) Trust Services Criteria (TSP) that are used for reporting on SOC 3 allow service organizations to demonstrate a high degree of confidence to stakeholders regarding the risks inherent to their environments, as well as the controls in place to address those risks.
SOC 3 reporting, because of its rather large scope (you can include all 5 TSP) and its applicability to many technology and cloud-computing businesses, will continue to evolve as a viable reporting option when SOC 1 (or even SOC 2) is not conducive. Please contact us at 1-800-277-5415, ext. 706 to speak with Christopher G. Nickell, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. today.
NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP. And if you're using AWS for hosting of your production environment, here's what you need to know NOW about SOC 2 audits.
WebTrust
Please note that the actual WebTrust assurance platform is designed for businesses with e-commerce systems, as this allows a licensed practitioner to report on an organization's framework and supporting controls regarding online privacy (i.e., the "Privacy" TSP), consumer protection (i.e., the "Processing Integrity" TSP), and other essential principles within the TSP.
Thus, a WebTrust Certification (or seal) is provided to an organization who successfully adheres to the WebTrust assurance services, for which interested parties can view the seal, along with clicking the link embedded from the AICPA within the seal to view the supporting audit report.
SysTrust
SysTrust, on the other hand is more broad-based, and provides a platform suitable for reporting on a wide variety of I.T. systems within an organization. Specifically, SysTrust assurance services are designed to cover the following subject areas:
- SysTrust Security
- SysTrust Processing Integrity
- SysTrust Availability
- SysTrust Confidentiality
- SysTrust System Reliability: Combines the SysTrust Security, Processing Integrity and Availability engagements
- Generic SysTrust Seal: Spans one or more combinations of any SysTrust engagements listed above