What is SOC 3?
You can think of a SOC 3 report as a redacted SOC 2 report; the SOC 3 report summarizes the material of a SOC 2 report, but it excludes details of the testing that was performed and those tests’ results. A SOC 2 report must have been written to receive a SOC 3 report.
SOC 3 reports can be posted on your website, while SOC 2 reports can only be shared with an NDA.
View Drata Glossary
Learn more about other compliance and cybersecurity concepts in our glossary.