SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.
Frequently there is a discussion from service organizations regarding which of these an organization should complete. Many service organizations get a significant amount of requests related to information technology controls and security. The requests come in different forms, whether it be for SAS 70 reports (changing to SSAE 16 reports after June 15, 2011), completed questionnaires, and sometimes for on-site audits by the user organizations. Some of the pros and cons of each are briefly described below.