The AICPA overhauled the old SAS70 report with three new SOC reports. While SOC 1 report
addresses controls relevant to user entities’ financial reporting (SSAE 16), both SOC 2 and SOC 3 reports are
designed to help your user entities gain confidence and place trust in your organization’s systems by addressing five
Trust Services Principles: security, availability, process integrity, confidentiality, and privacy. The primary difference
between SOC 2 and SOC 3 is that SOC 2 is typically addressed to (and used by) user entities and their auditors while SOC 3 is
designed for general distribution.