A SOC2 report is an engagement performed under AT-C section 205 and is based on the existing SysTrust and WebTrust principles. SOC3 report does not contain a description of the service auditor’s test of controls and results. They are intended to provide organizations with a publicly available report, and they are commonly published on websites and in marketing materials. There is limited information contained in these reports, allowing companies to illustrate their accomplishments without disclosing sensitive confidential information.
Organizations whose primary goal is the marketing of their system/product against an industry-approved standard should select this reporting option.