SOC reports

More Terms

HIPAA
ISO 27001
GRC
SOC reports
SOC 1
SOC 2
SOC 3
SSAE 16
SSAE 18
AICPA
SOC 2 auditor
SOC Trust Services Criteria
Compliance risk management
IT security policy
Vendor management policy
Vendor review
Vendor assessment
Security questionnaire
Compliance software
HIPAA employee training
HIPAA Rules
ISO27001 security standard

What is a SOC report? A service organization controls (SOC) report is a way to verify that an organization is following specific best practices related to protecting their clients’ data before you outsource a business function to that organization.

These best practices are related to finances, security, processing integrity, privacy, and availability. The reports, which are created and validated by third-party auditors, are built to provide independent assurance and to help potential customers/partners understand any potential risks involved in working with the organization that was evaluated.

You may decide to pursue a SOC report because you’re working to sign on a client who values security, or your own company works with sensitive data and you want to be proactive in setting up security controls.

Depending on the information needed and the types of organizations involved, there are several versions of SOC reports.

SOC 1, SOC 2 & SOC 3

You may also hear “SOC” referring to a security operations center. That’s a separate definition and meaning that doesn’t impact your compliance obligations.

Go back to glossary

Everything you need to get compliance audit ready, fast

Get Started
About
Careers
Glossary
Privacy PolicyTerms & Conditions
Vanta Inc. © -
We'll email you within 24 hours
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.