SOC 3 for Service Organizations: Trust Services Criteria for General Use Report

The SOC 3 report is prepared in accordance with the Trust Services Criteria (TSC) issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). Capgemini’s SOC 3 report addresses applicable Trust Services Criteria, including Security, Availability, and Confidentiality.

The assessment is performed under Statement on Standards for Attestation Engagements No. 18 (SSAE 18), an AICPA standard designed to ensure consistency and rigor in attestation engagements. SSAE 18 is closely aligned with the International Standard on Assurance Engagements (ISAE 3402), thereby supporting both U.S. and international assurance requirements.

SOC reporting is performed by Capgemini as a service organization in adherence to the above‑mentioned standards. While SOC 1 and SOC 2 reports are intended for existing clients and distributed on a restricted basis, the SOC 3 report is a general‑use report and may be freely shared with all interested parties.

Capgemini Technology Services undergoes annual, enterprise‑level SOC audits conducted by independent third party to demonstrate assurance over its services. The SOC 3 report provides enterprise‑wide coverage, encompassing multiple services and delivery locations.

SOC 3 reports are issued annually, covering a 12‑month period October 1 of Year 1 through September 30 of Year 2. As a general‑use report, SOC 3 is intended for public distribution and prospective clients, enabling them to gain confidence in Capgemini’s enterprise assurance and control environment.
No additional paperwork or bridge letters are issued in relation to the SOC 3 report.