Service Organization Control (SOC) 3 reports are to be conducted in accordance with AT Section 101 and prepared using the AICPA and the Canadian Institute of Chartered Accountants (CICA) Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Please not that because these are general use reports, SOC 3 Reports can be freely distributed and/or posted on a website via a seal.
The main provisions of the Trust Services Principles are as follows:
- Availability: That the system is available for operation and use as committed or agreed.
- Security: That the system is protected against unauthorized access, both physically and logically.
- Processing Integrity: That System processing is complete, accurate, timely, and authorized.
- Confidentiality: That the information held by an organization is securely protected.
- Privacy: That personal information is protected.
To learn more about Trust Services Principles, Criteria, and Illustrations, visit the Trust Services Principles site.