SOC 3 is based on the existing SysTrust and WebTrust principles. Unlike SOC 1 and 2, SOC 3
reports for Google Cloud Platform and
can be freely distributed to the public for general use. Google Cloud undergoes a regular
third-party audit to certify individual products against this standard.
SSAE 16 / ISAE 3402 Type II
The Auditing Standards Board of the American Institute of Certified Public Accountants
created the Statement on Standards for Attestation Engagements No. 16
to keep pace with globally recognized international accounting standards.
SSAE 16 aligns closely with the International Standard on Assurance Engagements 3402
SSAE 16 and ISAE 3402 are used to generate a report by an objective third-party attesting to
a set of statements which an organization asserts about its controls. The Service
Organization Controls (SOC) framework is the method by which the control of financial
information is measured.