Service Organization Reports Comparison | SOC 1 | SOC 2

Service Organization Reports Comparison: SOC 1, SOC 2, SOC 3

The chart below provides the alternative name, typical industries subject to, criteria to evaluate, components of the report, users of the report, and the necessity of a seal of completion for the Organization Reports: SOC 1, SOC 2, SOC 3.

Feature	SOC 1	SOC 2	SOC 3
Alternate Name	SSAE 16	AT 101	Trust Services
Companies Typically Subject To Examination	Service Organizations which affect the internal control over financial reporting of their User Entities.	Service Organization which provides an outsourced service but does not affect the internal control over financial reporting of their User Entities.	Service Organization which provides an outsourced service but does not affect the internal control over financial reporting of their User Entities.
Criteria to Evaluate Service Organization	No Predefined Criteria	Predefined Criteria such as Trust Services, ISO/IEC can be used.	Predefined Trust Services Criteria
Components of Report	1. Auditors report 2. Detail system description 3. Management assertion 4. Management controls 5. Auditor tests of controls and results of those tests – control objectives	1.Auditors report 2.Detail system description 3.Management assertion 4.Management controls 5.Auditor tests of controls and results of those tests – criteria	1.Auditors report 2.Detail system description 3.Management assertion
Intended Users of Report	Service Organization Management, User Entity Management, User Entity’s Auditors (Restricted Use Report)	Generally Service Organization Management and User Entity Management (Restricted Use Report)	Anyone (General Use Report)
Seal Issued Upon Completion of Engagement	No Seal Issued	No Seal Issued	Seal Issued Which Can Publicly Appear on Service Organization Website