SOC 3

A SOC 3 (System and Organization Controls 3) report is a formal document that provides assurance about the controls at a service organization relevant to the security, availability, processing integrity, confidentiality, or privacy of the information processed for the users. Unlike its counterpart, the SOC 2 report, which is detailed and intended for a limited, knowledgeable audience (e.g., auditors, compliance officers), the SOC 3 report is designed for a broader audience, such as customers, stakeholders, or the general public, and does not include the detailed description of the testing, results and possible confidential information found in a SOC 2 report.

The SOC 3 report is based on the Trust Services Criteria developed by the American Institute of Certified Public Accountants (AICPA). It provides a summary of the service organization's system and the effectiveness of the controls in place to address one or more of the five trust service principles: security, availability, processing integrity, confidentiality, and privacy. However, it does so in a more general format without the detailed controls and test results, making it a less technical document compared to SOC 2.

Xano's SOC 3 report is here to provide assurance to a wide range of users or the public about our commitment to maintaining a high standard of controls over the information we process, and demonstrate our dedication to high standards of security and operational integrity.