Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SOC Reports

SOC Reports

SOC reports, or Service Organization Control reports, are a type of assurance report that organizations can obtain to assure the controls they have in place related to a service they offer. There are 3 types of SOC reports – SOC 1, SOC 2, and SOC 3.

SOC 1 reports relate to controls relevant to user entities’ financial reporting. These reports are intended for use by user auditors as part of their audit of the user entity’s financial statements.

SOC 2 reports relate to controls relevant to a system’s security, availability, processing integrity, confidentiality, and privacy. These reports are intended for use by the service organization’s management and the user organization’s management.

SOC 3 reports are similar to SOC 2 reports, but they are intended for a general audience and do not include the detailed testing and results that are included in a SOC 2 report. SOC 3 reports are designed to ensure the controls are in a form that a general audience can easily understand.

Additional reading

8 Types of Vendor Risks to Identify, Monitor, and Mitigate

TL,DR: Vendor risks include operational, financial, cybersecurity, compliance, reputational, strategic, concentration, and geopolitical exposure. Knowing the risk type helps prioritize controls before vendor issues disrupt business operations. The guide explains practical examples, monitoring methods, and mitigation steps for third-party risk programs. In 2025, over 35% of organizations reported disruptions caused by third-party vendors. The third-party vendor risk…

Vendor Security Assessment: Step-by-Step Guide + Questionnaire 2026

TL;DR January 2022. On of the top-rated identity and access management organizations suffered a data breach impacting 2.5% of its customer base. The hackers infiltrated its sub-processors network and then gained access to the organization’s internal networks. According to a report by Verizon, a staggering 62% of network intrusions are from third parties. The increasing…

ISO 9001:2015, explained clause-by-clause.

The most-adopted quality management standard in the world, in plain English — plus how to actually implement each clause, avoid common audit findings, and keep your QMS healthy between surveillances.

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.