A SSAE 18 / SOC 1 Type I Report shows Company’s that your Organization has appropriate controls designed and in place as of the date the report is issued. It
SSAE 16 was built upon the ISAE 3402 framework, which essentially is the same thing, but accepted at an international level with a number of deviations to be discussed here
Criteria, as defined by the SSAE 18 (formerly SSAE 16) guidance are: The standards or benchmarks used to measure and present the subject matter and against which the service auditor
While some companies still request a SAS 70 report (why, who knows…), many contracts now require a SSAE 16 report, and with the change to SSAE 18 many are now
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70.