By: Scott Price, Managing Partner of A-LIGN
Answer: Misuse of Service Organization Control (SOC) terminology is a common mishap in the marketplace. When it comes to the use of the SOC logo or seal, many tend to assume the terms mean the same thing (six of one, half a dozen of the other), but in reality they are classified as entirely different entities. Let me explain…
A SOC logo is displayed by service organizations that have successfully completed a SSAE 16/SOC 1 or SOC 2 report from an independent CPA firm. The display of the SOC logo promotes that the service organization completed the audit; although, the use of the report is restricted to the management of the service organization, user entities, and user auditors.
A SOC seal is displayed by service organizations that have successfully completed a SOC 3 or SysTrust report by an independent CPA firm, and as an added benefit, the seal is directly linked to a general use report that is available to the public.