SOC 1 reports differ from SOC 2 reports in their use by the organization and their levels of detail.
SSAE 18 incorporated four changes that intended to make the SOC 1 reports more useful.
SSAE 18 reports follow standards by AICPA.
SOC 1 audits focus on controls that affect financial statements.
SOC 1 focuses on controls for financial statements. SOC 2/3 focuses on controls surrounding information security.
Getting SOC 2 / 3 certified is one of the best actions you can take to assure customers that you care about privacy
The best time to get a SOC 3 audit is when you’re getting a SOC 2 audit. Because the audits are one and the same.
Learn about five Trust Services Principles for SOC 2 and SOC 3.