We’ve provided all types of SOC services since the emergence of the brand back in 2011, and over the years, we’ve often received questions specifically about the difference between SOC 2 and SOC 3 reports. Whether or not you work with us on these services, you deserve to know which option is best for your organization and why.

Picture this: you’ve just finished a race.

“How much time do you have?”

Back when it first emerged in 2011, having evolved from SOX and SAS 70 in the wake of devastation caused by Enron, SOC wasted no time becoming the new market standard for compliance reporting, and it’s partly thanks to its flexibility that it remains such a staple.

You know this story.

If you’ve decided to try for compliance, you might already know that, given how much this space has evolved in just the last 20 years, there are a lot of ways to do that.

Imagine this, it's a late Wednesday afternoon and you are wrapping up your previous SOC engagement while simultaneously working on your current engagement. A check of your upcoming schedule reveals that next week, yet another SOC engagement for a client in your area looms. Juggling multiple engagements can be tricky, but must less so if there’s a tried and true process that’s become routine. Here are five easy steps to help an auditor prepare for a SOC engagement.

As you likely know, there are different System and Organization Controls (SOC) report options, such as SOC 1 and SOC 2/SOC 3. What may be lesser known is that within those SOC report options, there are also different types, referred to as Type 1 and Type 2. In other words, the specific use of “Type” as a distinguisher are different specified options for both the SOC 1 and SOC 2 reports.