The various Service Organization Control (SOC) Reports
- SOC 1 Report ( same as SAS 70 type 1 and 2) : In SOC 1 controls are self-defined , No certification seal is offered.SOC 1 utilizes the AICPA SSAE 18 Attestation Standard (AT) 801 professional standard for issuing such reports. SOC 1 is generally geared towards service organizations with internal controls relating to financial reporting.
- SOC 2 Report – Trust Services Report: This report is technical, and distribution restricted to only management-Standardized control. SOC 2 uses AT 101 professional standard. SOC 2 is for technology-oriented service organizations -Cloud Service Provider.
- SOC 3 Report – Trust Services Report: This report is not technical. Because they are general use reports, SOC 3 reports can be freely distributed or posted on a website- Standardized control-Certification seal
Main Page: http://ssae18.com/SSAE18_overview.html
Check the SSAE folder on your USB for the SSAE 18 Test Plan and more Information on the principle and criteria