Yes, there are a number of SOC reporting standards, but the 3 main standards are SOC 1, SOC 2 and SOC 3.
SOC 1 is applicable to service organisations that are involved in services or functions related to financial reporting (e.g., payroll service providers). In almost every case, SOC 1 audits are initiated by a client company’s financial audits. So, unless a client of your organisation has requested a SOC 1 report, you most likely do not need one. Like SOC 2 reports, a SOC 1 report is intended only to be shared with particular interested parties and should not be published publicly.
SOC 3 deals with a similar subject matter to SOC 2 (i.e., information security) however, unlike SOC 1 and 2, a SOC 3 report can be provided to anyone and even published on your organisation’s website. It is, in essence, a ‘slimmed down’ version of a SOC 2 report, without the confidential information (the description of your organisation’s system, tests of controls and the results of those tests) that makes a SOC 2 report too sensitive to be shared publicly.
On our path of growing our business, we have found in URM a very capable and knowledgeable consultancy firm to guide and structure our processes towards SOC 2 compliance. The consultancy by URM played an essential role in building our competences and expanding the compliance framework for our SaaS based propositions.
Scientific data platform
All you need to meet SOC 2 requirements
If your organisation has received a request for a SOC 2 report and is looking to meet all the necessary requirements, URM can offer you informed guidance and practical support.
Find out more
related BLog
Preparing for a Successful SOC 2 Audit
Published on
17 Oct
2025
URM’s blog offers key advice on what to expect from your SOC 2 audit in practice, the types of evidence you will need to provide, how best to prepare, and more.
Read more
Information Security
Published on
29/8/2025
SOC 2 ExplainedURM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.
Read more
"
The whole gap analysis process was very informative for all departments of the business. Our URM consultant was great at explaining the SOC2 audit process and what evidence may be required for each area. As a business, it has really assisted us in our implementation strategy and improving our compliance programme as a whole.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.