An auditing standard for service organizations. SSAE 18 is largely an American standard, but it mirrors the International Standard on Assurance Engagements (ISAE) 3402. A SOC 1 Type 1 report is an independent snapshot of the organization’s control landscape on a given day. A SOC 1 Type 2 report adds a historical element, showing how controls were managed over time. For reports that are not specifically focused on internal controls over financial reporting SOC 2 audits and focus on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. In technology SaaS companies, the SOC 2 audit is purchased to provide an assurance on various aspects of the software including security, availability, and processing integrity.