Not all SOC reports are created equal—and not all compliance frameworks serve the same purpose. This section of the SOC 2 Hub breaks down the differences between SOC 1, SOC 2, and SOC 3, and explores how SOC 2 stacks up against other standards like ISO 27001 and HIPAA.
You’ll also find clear guidance on the difference between Type I and Type II SOC 2 reports, who each is for, and how to choose the right report based on your service offering, clients, and audit readiness.
Whether you’re deciding which report your organization needs, or helping clients navigate their options, this section gives you the clarity you need to move forward with confidence.
Which SOC Type Is Right for You?
Not sure which SOC report you need? This article explains the differences between SOC 1, SOC 2, and SOC 3—what they cover, who uses them, and how to choose the right one for your business or clients.
What is SOC 1?
SOC 1 reports focus on financial controls and are essential for companies that process or impact financial data. Learn what a SOC 1 audit includes, who needs it, and how it differs from SOC 2.
What is SOC 3?
A SOC 3 report is a simplified, public version of SOC 2—ideal for sharing with customers and prospects. Find out what’s included, when to use it, and how it can support your sales and marketing efforts.
SOC 1 vs SOC 2: Key Differences
SOC 1 and SOC 2 are often confused—but they serve very different purposes. This guide compares them side by side to help you decide which one your organization really needs.
SOC 2 vs SOC 3: Which to Choose?
Should you stick with SOC 2 or add a SOC 3 for public use? This article outlines the differences in audience, content, and use cases so you can confidently choose the right path.