If your organization has committed to the security, availability, processing integrity, confidentiality, and/or privacy of your services, then a SOC 2 is a relevant examination.
The security category is the required category for all SOC 2 reports. The security category contains criteria that each service organization must consider and identify their controls in place to address that criteria. There is no checklist or required controls in the SOC 2 framework.
A SOC 3 is meant to be a general use report, can be posted on your website, but can only be issued after a SOC 2 – Type II examination has been completed. FD can guide you on the applicable categories and criteria that you should address in your SOC 2 examination, whether a SOC 3 would be beneficial and how it should be edited for public use, and assist you in evaluating the adequacy of controls in place at your organization to address the applicable criteria.