SOC 3 Audits: SOC 3 audits are audits of internal controls of a service organization in accordance with The AICPA/Canadian Institute of Chartered Accountants (CICA) Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Unlike SOC 2 reports, a SOC 3 Audit is generally done by a service organization to measure their level of adherence to the Trust Services Principles to market themselves to potential users. The principles that can be selected for testing by the service organization are the same as SOC 2 audits:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

These reports are not restricted and can be freely distributed for marketing purposes. Because of the general use nature of these reports, audit procedures performed are usually more extensive and involved. SOC 3 audits may also require the audit of the service organization’s vendors.


Obtaining a SOC 3 audit report will not only help promote trust with current customers, but can also effectively differentiate a company from that of other competitors and give the boost a company may need to generate new business from prospective customers. SOC 3 reports can also be publicly presented on a company’s website.

To learn more about SOC 3 audits in St. George, Salt Lake City, Moab, and Spanish Fork, Utah, please contact our Larson & Company office closest to you.