SOC 1 reports differ from SOC 2 reports in their use by the organization and their levels of detail.
SSAE 18 incorporated four changes that intended to make the SOC 1 reports more useful.
SSAE 18 reports follow standards by AICPA.
SOC 1 audits focus on controls that affect financial statements.
SOC 1 focuses on controls for financial statements. SOC 2/3 focuses on controls surrounding information security.
Getting SOC 2 / 3 certified is one of the best actions you can take to assure customers that you care about privacy