SOC 3 reports for public assurance.
SOC 3 covers the same categories as SOC 2 but provides less detail, making it a general-use report that can be freely distributed.
When SOC 3 makes sense
SOC 3 is designed for public trust. Unlike SOC 2, which is restricted to specified parties, a SOC 3 report can go straight on your marketing site trust page or security page — no NDA required. It's the artifact you link to when a prospect asks “are you SOC 2 examined?” before they're ready for the full report.
Relationship to SOC 2
A SOC 3 report is often derived from the same examination as a SOC 2. The engagement work is the same — the difference is in the level of detail disclosed and the distribution rights.
Typical buyer workflow
Many teams use both: SOC 3 on your security page for public assurance, and SOC 2 shared under NDA when customers or their auditors need the full detail during vendor diligence.