The SSAE 18 audit standard is a framework for reporting on an examination of controls at a service organization relevant to user entities’ internal control over financial reporting.
SSAE-18 is effective for all reports issued after May 1, 2017.
The Service and Organization Controls 2 Report, formally known as a Service Organization Controls Report as of the most recent update to the SSAE 18 audit standard. A SOC 2 report
At a high-level, SOC1 is about financial controls, while SOC2 focuses on information security controls. They serve different end-user customers and stakeholders.
SOC 2 is not a certification, it’s a third party attestation of the controls in place at your organization. Typically when a company is asking this question though the answer
Assuming your Company is subject to GDPR, the level of effort depends a lot on the maturity of Organizational and Privacy controls. The Organizational will be mostly met by implementation
Organizations that handle financial transactions, especially those impacting external financial statements, are good examples of those who need SOC1 audits.
SOC Reporting Guide