How is SOC 2 different from SSAE 16?

When the industry replaced SAS-70 reports with SOC 1 and SOC 2 reports as the new standard, there was initially a lot of confusion. SOC 1 reports are often referred as “SSAE 16.” These reports typically only cover the controls that support financial reporting. SOC 2 on the other hand is an audit against the Trust Services Principles and Criteria. SOC 2 reports are generally best for technology service providers that extend beyond financial services. SOC 2 is the best choice for most businesses.

Related Posts

About Us
closeup photo of

Practical Assurance helps companies prepare for compliance with SOC 1, SOC 2, HIPAA, ISO 27001, IISF, and provides ICO and smart contract audits.

Let’s Socialize

Popular Post