SOC 1 stemmed from the original SAS 70 report, which, once SSAE 16 was issued in April 2010, the formal report name was changed to being a SOC 1 report (but issued under the SSAE 16 guidance) and effective as of June 2011. SSAE 18 was then issued May 2017 and will be effective as of December 2018, and apply to all SOC 1 reports issued thereafter.
Are Third Party Vendor reviews required for SOC 1 and SOC 2?
As of the latest SSAE 18 and SOC 2 updates, vendor management and review of any relevant compliance / audit reports (SOC 1, SOC 2, HITRUST, ISO 27001/2, PCI, etc.)