Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.
Recently, the AICPA has started referring to SSAE 16 reports as SOC 1 reports. SOC stands for service organization control reports. Not to be confused with SOX, which most know is an acronym for the Sarbanes-Oxley Act of 2002. In any case, the AICPA is trying to simplify the many different types of reports service […]