A SOC 3 report is a general use report of the SOC 2 reports which covers how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality, and Privacy.
What’s the primary purpose of this initiative?
Provides an independent assessment of OneLogin’s security and privacy control environment. The assessment is designed to meet the needs of users who require assurance about the controls at a service organization.
What’s the scope?
The OneLogin’s SOC 3 scope is the same as our SOC 2 Type which covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy.
How often are you evaluated/audited?
Audits are performed annually along with the SOC 2 Report and a report covering January through December is issued in February.
Who is the primary audience?
Customers and relevant third parties with a business need.