SOC 3 Report – WebTrust and SysTrust

The SOC 3 Report, just like SOC 2, is based upon the Trust Service Principles and performed under AT101. The difference is that a SOC 3 Report can be freely distributed (general use) and reports only on whether the entity has achieved the Trust Services criteria (it contains no description of tests and results and no opinion on the description of the system). The lack of a detailed report requires that a SOC 3 be performed as a Type II, unlike SOC 1 and SOC 2 where there is a Type I option. SOC 3 reports can be issued on one or multiple Trust Services principles (security, availability, processing integrity, confidentiality and privacy) and allow the organization to place a seal on their website upon successful completion.

The Trust Service Principles were designed with a focus on e-commerce systems due to the amount of private/confidential/financial information that flows across the internet daily. When a customer processes a transaction (online retailer), builds a business on your service (SaaS providers), or submits private information, they want to know best practices are being followed by the company to guard against security leaks, lost sales, and damaged data. The most common reports based upon the trust principles are referred to as WebTrust and SysTrust.

The SysTrust review encompasses a combination of the following principles:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, accurate, timely, and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.

The WebTrust certification can fall into the following four categories:

  • WebTrust. The scope of the engagement includes any combination of the trust principles and criteria.
  • WebTrust Online Privacy. The scope of the engagement is based upon the online privacy principle and criteria.
  • WebTrust Consumer Protection. The scope of the engagement is based upon the processing integrity and relevant online privacy principles and criteria.
  • WebTrust for Certification Authorities. The scope of the engagement is based upon specific principles and related criteria unique to certification authorities.
