SOC 1 stemmed from the original SAS 70 report, which, once SSAE 16 was issued in April 2010, the formal report name was changed to being a SOC 1 report (but issued under the SSAE 16 guidance) and effective as of June 2011. SSAE 18 was then issued May 2017 and will be effective as of December 2018, and apply to all SOC 1 reports issued thereafter.
The five SOC 2 criteria are Security, Availability, Processing Integrity, Confidentiality, and Privacy.
The Service and Organization Controls 2 Report, formally known as a Service Organization Controls Report as of the most recent update to the SSAE 18 audit standard. A SOC 2 report
SOC 1 stemmed from the original SAS 70 report, which, once SSAE 16 was issued in April 2010, the formal report name was changed to being a SOC 1 report
The availability criteria addresses how you go about ensuring the in-scope data and systems stay online and recoverability should go awry.
This depends on how prepared and how many resources an Organization has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then
As of the latest SSAE 18 and SOC 2 updates, vendor management and review of any relevant compliance / audit reports (SOC 1, SOC 2, HITRUST, ISO 27001/2, PCI, etc.)
SOC Reporting Guide