{"id":1523,"date":"2011-03-08T00:00:00","date_gmt":"2011-03-08T00:00:00","guid":{"rendered":"http:\/\/otava.test\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/"},"modified":"2011-03-08T00:00:00","modified_gmt":"2011-03-08T00:00:00","slug":"socs-and-sass-the-new-standards-for-service-organization-controls-reporting","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/","title":{"rendered":"SOCs and SASs: The New Standards for Service Organization Controls Reporting"},"content":{"rendered":"

Last April, the AICPA announced that SAS 70<\/a> was going away, to be replaced by SSAE 16<\/a>.\u00a0 Since that time, additional discussion and guidance has resulted in more fine-tuning of the standards.\u00a0 It turns out that the AICPA has done a lot more than just renumber and reorganize SAS 70.\u00a0 The Institute has created three new Service Organization Control (SOC) reports intended to provide a framework for CPAs to examine controls at a service organization.<\/p>\n

<\/span>SOC 1: SSAE 16 and The New SAS 70<\/strong><\/span><\/h3>\n

SOC 1 reports will result from attestation engagements focused on controls at service organizations that are likely to be relevant to an audit of a user entity\u2019s (customer\u2019s) financial statements.\u00a0 These engagements will be conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) 16.\u00a0 \u00a0As with the old SAS 70, SOC 1 reports will be available as Type 1 or Type 2 reports.\u00a0 \u00a0Type 1 reports present the auditors\u2019 opinion regarding the accuracy and completeness of management\u2019s description of the system or service as well as the suitability of the design of controls as of a specific date.\u00a0 A Type 2 SOC 1 report provides the auditors\u2019 opinion as to the accuracy and completeness, the suitability of the design of controls, AND<\/em> the operating effectiveness of the controls throughout a declared time period, generally between six months and one year.<\/p>\n

SOC 1 reports are \u201crestricted use\u201d reports intended only for user entities (existing customers) and their auditors, not potential customers or the general public.<\/p>\n

<\/span>SOC 2<\/strong><\/span><\/h3>\n

SOC 2<\/a> reports are based on AT section 101 of the AICPA professional standards.\u00a0 A SOC 2 report covers controls at a service organization relevant to security, availability, processing integrity, confidentiality, and\/or privacy.\u00a0 The criteria upon which these examinations will be based are contained in Trust Services Principles, Criteria and Illustrations<\/em> (AICPA, Technical Practice Aids<\/em>) established jointly by the AICPA and the Canadian Institute of Chartered Accountants (CICA).\u00a0 \u00a0The criteria are organized into five key attributes or \u201cprinciples\u201d:<\/p>\n

1) Security<\/strong> \u2013 the system is protected against unauthorized access (physical and logical).<\/p>\n

2) Availability<\/strong> \u2013 the system is available for operation and use as committed or agreed.<\/p>\n

3) Processing Integrity<\/strong> \u2013 system processing is complete, accurate, timely and authorized.<\/p>\n

4)\u00a0Confidentiality<\/strong> \u2013 information is classified and protected as committed or agreed.<\/p>\n

5)\u00a0Privacy<\/strong> \u2013 personal information is collected, used, retained, disclosed and disposed of as committed or agreed.<\/p>\n

SOC 2 reports can be based on one or more of the principles listed above.<\/p>\n

As with SSAE 16, a SOC 2 report can be issues as a Type 1 or as a Type 2.\u00a0 A Type 1 report presents the auditors opinion as to the accuracy and completeness of the system description as well as the design of the controls.\u00a0 A Type 2 report includes all aspects of a Type 1 report and also includes a description of the tests performed by the service auditor and the results of those tests.\u00a0 A SOC 2 report is also a restricted use report intended for existing customers and their auditors.<\/p>\n

<\/span>SOC 3<\/strong><\/span><\/h3>\n

SOC 3 reports are also based on AT section 101 of the AICPA professional standards and follow the Trust Services Principles.\u00a0\u00a0 The primary difference between a SOC 2 report and a SOC 3 report is that a SOC 3 report provides only the system description provided by management and the auditor\u2019s opinion on whether the system achieved the trust services criteria.\u00a0 The SOC 3 report does not contain any details about the service auditor\u2019s testing or the results of the testing.\u00a0 A SOC 3 report is a general use report, available to existing and potential customers as well as the general public.<\/p>\n

If the service auditor believes that the service organization achieved the trust services criteria, the organization may then distribute the SOC 3 report to customers and may publicly display the SOC 3: SysTrust for Service Organizations seal.\u00a0 This seal is recognition that the organization\u2019s controls meet the pre-established criteria established by the AICPA and CICA.<\/p>\n

<\/span>Conclusion:<\/strong><\/span><\/h3>\n

The new reporting standards for controls at service organizations have been developed in an attempt to provide alternatives to service organizations that will better match the type of report to the primary interests of its user organizations or customers.\u00a0 The use of pre-defined controls criteria for SOC 2 and SOC 3 reports will enable potential customers to have a greater level of assurance that the service providers carrying the SOC 3 seal have adequate controls in place to protect their information assets.<\/p>\n

\n

\"\"<\/a><\/p>\n

 <\/p>\n

David Barton, CRISC, Principal, UHY LLP<\/strong>
\nDavid is a Principal and is the practice leader of the Technology Assurance and Advisory Services group at UHY Advisors, Inc.<\/a> in Atlanta, GA. He is Certified in Risk and Information Systems Controls (CRISC) and received his Certified Information Systems Auditor (CISA) designation in 1988.<\/p>\n

With over 25 years practical experience in information systems and technology risk and controls, he is an expert in identifying and reducing information technology risk throughout an organization.<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

Last April, the AICPA announced that SAS 70 was going away, to be replaced by SSAE 16.\u00a0 Since that time, additional discussion and guidance has resulted in more fine-tuning of the standards.\u00a0 It turns out that the AICPA has done a lot more than just renumber and reorganize SAS 70.\u00a0 The Institute has created three new Service Organization Control (SOC) reports intended to provide a framework for CPAs to examine controls at a service organization. SOC 1: SSAE 16 and The New SAS 70 SOC 1 reports will result from attestation engagements focused on controls at service organizations that are likely to be relevant to an audit of a user entity\u2019s (customer\u2019s) financial statements.\u00a0 These engagements will be conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) 16.\u00a0 \u00a0As with the old SAS 70, SOC 1 reports will be available as Type 1 or Type 2 reports.\u00a0 \u00a0Type 1 reports present the auditors\u2019 opinion regarding the accuracy and completeness of management\u2019s description of the system or service as well as the suitability of the design of controls as of a specific date.\u00a0 A Type 2 SOC 1 report provides the auditors\u2019 opinion as to the accuracy and completeness,…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1523","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nSOCs and SASs: The New Standards for Service Organization Controls Reporting | OTAVA<\/title>\n<meta name=\"description\" content=\"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SOCs and SASs: The New Standards for Service Organization Controls Reporting\" \/>\n<meta property=\"og:description\" content=\"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2011-03-08T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"SOCs and SASs: The New Standards for Service Organization Controls Reporting\",\"datePublished\":\"2011-03-08T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\"},\"wordCount\":794,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\",\"url\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\",\"name\":\"SOCs and SASs: The New Standards for Service Organization Controls Reporting | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg\",\"datePublished\":\"2011-03-08T00:00:00+00:00\",\"description\":\"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage\",\"url\":\"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg\",\"contentUrl\":\"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SOCs and SASs: The New Standards for Service Organization Controls Reporting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SOCs and SASs: The New Standards for Service Organization Controls Reporting | OTAVA","description":"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/","og_locale":"en_US","og_type":"article","og_title":"SOCs and SASs: The New Standards for Service Organization Controls Reporting","og_description":"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.","og_url":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/","og_site_name":"OTAVA","article_published_time":"2011-03-08T00:00:00+00:00","og_image":[{"url":"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"SOCs and SASs: The New Standards for Service Organization Controls Reporting","datePublished":"2011-03-08T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/"},"wordCount":794,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage"},"thumbnailUrl":"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/","url":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/","name":"SOCs and SASs: The New Standards for Service Organization Controls Reporting | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage"},"thumbnailUrl":"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg","datePublished":"2011-03-08T00:00:00+00:00","description":"New service organization control reports have been issued, meaning SAS 70 is no longer and service organizations should focus on SOC 1, 2 and 3.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#primaryimage","url":"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg","contentUrl":"https:\/\/www.uhyadvisors-us.com\/respics\/DavidBarton.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/socs-and-sass-the-new-standards-for-service-organization-controls-reporting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"SOCs and SASs: The New Standards for Service Organization Controls Reporting"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1523"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1523\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1523"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}