SOC 1 – Type 2 report covering internal controls over financial reporting systems
These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors) in evaluating the effect of the controls at the service organization on the user entities’ financial statements.
SOC 2 – Type 2 report covering Security, Availability, Processing Integrity, Confidentiality, and Privacy
These reports are intended to meet the needs of a broad range of users that require detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
SOC 3 – Public report of Security, Availability, Processing Integrity, Confidentiality, and Privacy controls
These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy but do not have the need for or the necessary knowledge to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.
PCI – Validation of controls around cardholder data to reduce credit card fraud
Created in 2006 by the Payment Card Industry Security Standards Council, this certification was initially established by the American Express, Discover, JCB, MasterCard, and Visa networks.
The main objective of PCI compliance is to guarantee the security of sensitive data in card-based financial transactions that take place in a virtual environment.
Because of this, the PCI DSS certification is mandatory for all companies that process, store, and transmit credit and/or debit card data over the internet.