Appendix B: Comparison of SOC for Supply Chain, SOC 2®, and SOC for Cybersecurity Examinations and Related Reports

The following table compares a SOC for Supply Chain examination and related report with a SOC 2® examination and a SOC for Cybersecurity examination and related reports. Within the columns, certain text is set in bold to highlight key distinctions between the three types of examinations and related reports.

| | SOC for Supply Chain Examination | SOC 2® Examination¹ | SOC for Cybersecurity Examination² |
|---|---|---|---|
| What are the types of organizations for which an examination may be performed? | An entity³ that produces, manufactures, or distributes products | An organization, or segment of an organization, that provides services to user entities (a service organization) | Any type of organization |
| Is the examination designed to be performed at a system level or at an entity level? | Generally, the examination is performed on an entity's system or systems that produce, manufacture, or distribute products. | Generally, the examination is performed on a system or systems that provide services. | Generally, the examination is performed on an entity-wide cybersecurity risk management program, although the scope may be narrowed to a specific system, business unit, or function of the entity. |
| What is the purpose of the report? | To provide specified users (who have sufficient knowledge and understanding of the ... | | |
