SOC 3 isn’t an of upgrade over the SOC 2 report. It may have some of the components of SOC 2; still, it is entirely a different ball game. SOC 3 is a public facing summarized report of a SOC 2 Type 1 or 2 report. It is not as detailed as SOC 2 internal report. The SOC 3 report is a less technical and detailed audit report with a seal of approval which can be put up on your company’s website. Because it is less detailed and less technical, it might not contain the same level of internal details about business processes and operational controls as one might require for a deep dive into all security controls.  A SOC3 is often created from a SOC2 report for external consumption by 3rd parties and clients. 

Can I request a SOC Report from a Provider?

Yes, and you should. Any business should request and analyze a SOC report from prospective vendors. It’s a valuable piece of information to verify adequate controls are put in place and that the controls actually work effectively.

Source: InfoSecurity Magazine

Related Terms: SOC 1, SOC 2

What does this mean for an SMB?

SOC 3 reports are great to show off on your business website to verify the work that has been done around SOC 1-2. The issue with SOC audits is how expensive they are. Starting prices are approximately $20,000-$30,000 for a typical mid-sized business with 100 employees. SOC audits are beneficial if you can afford to conduct one, however, a strong defense-in-depth cybersecurity program needs to already exist to be audited.
CyberHoot helps many businesses build a robust cybersecurity program. Our assessment surveys help you identify gaps in your cybersecurity program. We develop employees to become more aware and more secure through governance policies, phish testing, dark web reporting, and awareness training programs.  Finally, CyberHoot’s dashboard has all the metrics you need to show auditors looking to verify your employees have signed off on policies and taken their awareness training.

To learn more about SOC 3, watch this short video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.