Yes, there are a number of SOC reporting standards, but the 3 main standards are SOC 1, SOC 2 and SOC 3.
SOC 1 is applicable to service organisations that are involved in services or functions related to financial reporting (e.g., payroll service providers). In almost every case, SOC 1 audits are initiated by a client company’s financial audits. So, unless a client of your organisation has requested a SOC 1 report, you most likely do not need one. Like SOC 2 reports, a SOC 1 report is intended only to be shared with particular interested parties and should not be published publicly.
SOC 3 deals with a similar subject matter to SOC 2 (i.e., information security) however, unlike SOC 1 and 2, a SOC 3 report can be provided to anyone and even published on your organisation’s website. It is, in essence, a ‘slimmed down’ version of a SOC 2 report, without the confidential information (the description of your organisation’s system, tests of controls and the results of those tests) that makes a SOC 2 report too sensitive to be shared publicly.
From beginning to end URM made achieving PCI compliance incredibly easy & worked with us to educate us on the requirements. They were always available for a call whenever we needed to discuss queries along the way & were always flexible to our internal deadlines. We would highly recommend URM from a consultancy & auditing perspective.
Prize competition business
All you need to meet SOC 2 requirements
If your organisation has received a request for a SOC 2 report and is looking to meet all the necessary requirements, URM can offer you informed guidance and practical support.
Find out more
related BLog
SOC 2 Explained
Published on
27 Mar
2025
URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.
Read more
"
I thought the training was very good. It was clear and logical. The trainer was very knowledgeable, approachable and friendly, which makes it easy to stop and ask questions or to clarify a point. I was particularly impressed by his explanation of why we need to be mindful of the language we use and what the standard is actually asking for; most of it is common sense, but understanding what it actually means and what is required is key, so that really resonated with me.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.