Do cloud vendors have SAS 70 or the new SOC 1, 2, 3 internal control reports to provide to firms assessing a move to cloud?
Answers
The SAS 70 standard has been replaced with SSAE 16 as of June 15, 2011. It will be one of the three reports (SOC 1, 2 and/or 3) depending on the type of services the cloud vendor is providing.
Statement on Auditing Standards No. 70 (SAS 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) in 1992. It is used to report on the "processing of transactions by service organizations", which can be done by completing either a Type I or a Type II audit. A SAS 70 Type I is known as "reporting on controls placed in operation", while a SAS 70 Type II is known as "reporting on controls placed in operation" and "tests of operating effectiveness".

Service Organization Control (SOC) Reports, effectively known as SOC 1, SOC 2, and SOC 3 Reports, are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service. Service Organization Control (SOC) Reports are effectively replacing the long-standing Statement on Auditing Standards No. 70 (SAS 70). These new Service Organization Control (SOC) reports address the evolving issues about SAS 70 and provide a more effective framework for providing assurance of controls in a service organization. These are based on technical standards of Statement on Standards for Attestation Engagements (SSAE) No. 16 and Trust Services, both adopted recently. SOC-1 is related only to ICFR, SOC-2 is related to controls over security/systems and privacy, and SOC-3 is related to controls over the same.
For more information: http://www.myrealdata.com/