SOC 1 audits focus on controls that affect financial statements. The auditor must comply with the SSAE 18 attestation standard. The auditor must also comply with AT-C section 320 “Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting” and the AICPA Guide, “Service Organizations: Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (SOC 1).” SOC 2 audits focus on controls surrounding information security, availability, processing integrity, confidentiality, and privacy. While this report also requires SSAE 18 attestation standards, the auditor must follow AT-C section 105 and AT-C section 205. Additionally, the auditing standards follow the AICPA Guide, “SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” and TSP section 100 “2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality or Privacy.” To learn more about SOC audits, check out our SOC 2 guide.