These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 Report. Because they are general use reports, SOC 3 reports can be freely distributed.

A SOC3 reports follows a similar approach to SOC2, except that the controls are not described in detail. Also unlike a SOC2 report which is essentially an auditor to auditor communication, SOC3 reports can be freely distributed and can be publicly shared.