SOC report content and structure
Area 3: SOC Engagements (15-25%)
Your Progress
0 of 59 questions attempted
Topics
- Management description and assertions
- Complementary user/subservice controls
Study Frameworks
SOC Report Comparison
| Feature | SOC 1 | SOC 2 | SOC 3 |
|---|---|---|---|
| Focus | Controls over financial reporting (ICFR) | Trust Services Criteria (SAPCP) | Trust Services Criteria (summary) |
| Standard | SSAE 18 / AT-C 320 | AT-C 205 | AT-C 205 |
| Audience | User entities and their auditors | Management, regulators, specified parties | General public |
| Distribution | Restricted | Restricted | General use |
| Type I | Design at a point in time | Design at a point in time | N/A (Type II only) |
| Type II | Design + effectiveness over a period | Design + effectiveness over a period | Short-form report based on SOC 2 Type II |
| Typical period | 6-12 months | 6-12 months | Same period as companion SOC 2 Type II |