RAC | Your IT Sparring Partner

SOC 1/2/3

SOC stands for Service Organization Control. An SOC report is prepared according to SOC reporting standards and addresses the design, existence and operation of control measures in place with respect to outsourced processes. There are three types of SOC reports, SOC 1, SOC 2 and SOC 3. Each SOC has a different reporting area and is valid until changes occur. As a service provider, you offer assurance about the quality of your services through SOC reporting.

Need more information? Then get in touch by filling out the form below or call us at 085 4000 737.

Check out the various SOC reports below .


The SOC 1 reports on the design and operation of control measures related to an organization's financial reporting. Think of applications or data linked to the financial process. Thus, the financial statements are ultimately the assessment framework for this reporting. This means that all processes are in place to ensure that all data in the financial statements is accurate and complete.


The SOC 2 reports on established principles (Trust Services Criteria) in relation to the design, existence and operation of operational IT controls related to outsourced processes. These include information security and privacy. The Trust Services Criteria (TSP) are: availability, confidentiality, security and process integrity in a service organization.  


If there is a SOC 2 statement, then a SOC 3 statement may be requested. This is an abbreviated version of a SOC 2 report. It briefly shows how the organization achieved a SOC 2 engagement. Thus, it reports broadly on the system descriptions, without naming technical measures. A SOC 3 is primarily intended to demonstrate to current and potential clients that as an organization you have the right controls in place to mitigate risks related to security, availability, privacy and confidentiality of customer information being processed. So a SOC 3 can be shared publicly.