{"id":1705,"date":"2011-12-19T00:00:00","date_gmt":"2011-12-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/"},"modified":"2011-12-19T00:00:00","modified_gmt":"2011-12-19T00:00:00","slug":"a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/","title":{"rendered":"Differences Between SOC 1\/SSAE 16 vs SOC 2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-17512\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\" alt=\"Different SOCS: SOC 1 vs SOC 2\" width=\"350\" height=\"245\">If you\u2019re in a business that needs to meet <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/soc-1-2-3-compliant-cloud\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sarbanes-Oxley compliance<\/a>, you probably know by now that the SAS 70 report expired earlier this year and was replaced with the SSAE 16 attestation. <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/soc-1-2-3-compliant-cloud\/\">SSAE 16<\/a> is a lot like SAS 70, but adds an attestation set forth and signed by a company\u2019s management that confirms that the described controls are in place and functional.<\/p>\n<p>You might have known that SSAE 16 is also called <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/soc-1-soc-2-soc-3-report-comparison\/\">SOC 1<\/a>. It\u2019s just an alternative label for exactly the same thing.<\/p>\n<p>And this might lead you to believe that the <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/what-is-a-service-organization-control-soc-2-report\/\" target=\"_blank\" rel=\"noopener noreferrer\">SOC 2<\/a> audit report is closely related to SOC 1 \u2026 but this couldn\u2019t be further from the truth. The \u201clittle\u201d difference between SOC 1 and <a href=\"https:\/\/www.onlinetech.com\/soc-2-hosting-soc-3-hosting\" target=\"_blank\" rel=\"noopener noreferrer\">SOC 2<\/a> amounts to a significant difference to companies who are using the reports as part of their due diligence to research prospective vendors. SOC 2 finally addresses the industry need for a consistent set of criteria against which companies can be measured and compared.<\/p>\n<p><strong>Oh, you didn\u2019t know that <a href=\"https:\/\/otavawebsite.wpengine.com\/reference\/sas-70-ssae-16-and-soc-comparison\/\" target=\"_blank\" rel=\"noopener noreferrer\">SSAE 16\/SOC 1<\/a> is an arbitrary measurement?<\/strong> It goes something like this &#8211; before an auditor steps foot into a company to be audited, the company gets to decide what they want to be audited on. It\u2019s like getting to say what questions you want on your final exam. Companies are likely to specify those controls that are in their sweet spot, and that they know they will pass. Companies are likely to omit controls that are weak and ineffective.<\/p>\n<p>What\u2019s worse is that there&#8217;s no consistency in audit scope. Some companies specify a mere handful of controls to be audited, while others document exhaustive procedures that they are audited and reported on. Even though any company that passes an SSAE 16\/SOC 1 audit can claim Sarbanes-Oxley (SOX) compliance, only a detailed scrutiny of the independent audit report will reveal what the company has elected to have audited, and the auditor\u2019s opinion. No two SSAE 16\/SOC 1 reports are the same! See the problem?<\/p>\n<p>But wait, it still gets worse for companies who are using SSAE 16\/SOC 1 reports as due diligence for vendor selection. By definition, SSAE 16\/SOC 1 and the previous SAS 70 standard reviews financial and accounting controls of a service provider. So, when you review one of those reports, you\u2019re getting confirmation that they keep their books well. While this may be one measure of honesty, wouldn\u2019t you really care about the processes that you will be hiring them for? For example, if you were evaluating Online Tech as a hosting provider, would you rather see an independent audit report about our financial and administrative procedures, or an independent audit report about how we control the privacy, security, availability, integrity and confidentiality of our data center facilities and server hosting solutions?<\/p>\n<p><strong>This is where the <a href=\"https:\/\/www.onlinetech.com\/soc-2-hosting-soc-3-hosting\" target=\"_blank\" rel=\"noopener noreferrer\">SOC 2<\/a> audit and report comes in.<\/strong> Don\u2019t be fooled into thinking that SOC 2 is a next level up from SOC 1. SOC 2 is a COMPLETELY different species. Here\u2019s why. SOC 2 is the first and only audit and report that sets a pre-defined, consistent set of criteria specifically around the services that a company provides. That means that when you read and compare the SOC 2 reports from two different companies, you can finally compare apples to apples. And what\u2019s even better, you get to compare the processes directly related to the services they will be providing you. While SAS 70 and SSAE 16\/SOC 1 are designed to measure financial controls, the SOC 2 audit is designed to measure Service Organization Controls related to:<\/p>\n<ol>\n<li><strong>Security<\/strong><\/li>\n<li><strong>Availability<\/strong><\/li>\n<li><strong>Processing Integrity<\/strong><\/li>\n<li><strong>Confidentiality<\/strong><\/li>\n<li><strong>Privacy<\/strong><\/li>\n<\/ol>\n<p>Alright, so you get that SOC 2 is a completely different audit than SOC 1. Ready for the next \u201cgotcha\u201d? There are actually two types of SOC 2 audits: a <strong>Type I<\/strong> and <strong>Type II<\/strong>. Just like SSAE 16\/SOC 1, the Type I report just means that the company has stated that the controls are in place and functional. The Type II report is the real measurement and auditor validation that the stated controls actually ARE in place and actually ARE working. Put this all together, and the net is, you want to compare vendors who will share a copy of the independent <strong>SOC 2 Type II<\/strong> report.<\/p>\n<p><strong>Some cautionary tales: not all companies that position themselves to have \u201ccompliant solutions\u201d are really independently audited.<\/strong> How do you know? Ask for a copy of the independent audit report. Expect that these will only be shared under an NDA (Non-Disclosure Agreement), but that\u2019s fair considering that these reports describe the heart and soul of how a service organization runs its business. You might find that some companies won\u2019t even provide their independent audit reports under NDA. Big warning sign. If a service-oriented company refuses to share their audit reports with a prospective customer, it\u2019s impossible for you to prove to your board, shareholders, customers and regulators that you did your own due diligence. And for some industries, the stakes are too high to take this kind of a chance.<\/p>\n<p>If you want an objective, relevant measure of how your vendor will be able to provide a secure, available, confidential and private solution of integrity, there is only one independent audit report to ask for: <strong>SOC 2 Type II<\/strong>. At the end of the day in our industry, when investors and clients want proof that a data center is going to be able to meet SLA obligations for server, data, and application uptime, they need to know that the processes and controls around security, availability, processing integrity, confidentiality and privacy are rock solid \u2013 not that a data center\u2019s financial controls have passed review.<\/p>\n<p>More references:<\/p>\n<p><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/what-is-a-service-organization-control-soc-2-report\/\" target=\"_blank\" rel=\"noopener noreferrer\">What is a SOC 2 report?<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/ssae-18-vs-ssae-16-key-differences-in-the-new-soc-1-standard\/\" target=\"_blank\" rel=\"noopener noreferrer\">SSAE 18 vs. SSAE 16: Key Differences in the new SOC 1 Standard<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/soc-1-soc-2-soc-3-report-comparison\/\">SOC Report Comparison<\/a><br \/>\n<a href=\"https:\/\/www.aicpa.org\/\">American Institute of CPAs<\/a><br \/>\n<a href=\"https:\/\/www.uhyadvisors-us.com\/\">UHY Advisors<\/a><br \/>\n<a href=\"https:\/\/itcontrolsfreak.wordpress.com\/\">Principal of UHY Advisors, David Barton\u2019s blog<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019re in a business that needs to meet Sarbanes-Oxley compliance, you probably know by now that the SAS 70 report expired earlier this year and was replaced with the SSAE 16 attestation. SSAE 16 is a lot like SAS 70, but adds an attestation set forth and signed by a company\u2019s management that confirms that the described controls are in place and functional. You might have known that SSAE 16 is also called SOC 1. It\u2019s just an alternative label for exactly the same thing. And this might lead you to believe that the SOC 2 audit report is closely related to SOC 1 \u2026 but this couldn\u2019t be further from the truth. The \u201clittle\u201d difference between SOC 1 and SOC 2 amounts to a significant difference to companies who are using the reports as part of their due diligence to research prospective vendors. SOC 2 finally addresses the industry need for a consistent set of criteria against which companies can be measured and compared. Oh, you didn\u2019t know that SSAE 16\/SOC 1 is an arbitrary measurement? It goes something like this &#8211; before an auditor steps foot into a company to be audited, the company gets to decide&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1705","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Critical Differences Between SOC 2 and SOC 1\/SSAE 16<\/title>\n<meta name=\"description\" content=\"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Differences Between SOC 1\/SSAE 16 vs SOC 2\" \/>\n<meta property=\"og:description\" content=\"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2011-12-19T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Differences Between SOC 1\/SSAE 16 vs SOC 2\",\"datePublished\":\"2011-12-19T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\"},\"wordCount\":969,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\",\"url\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\",\"name\":\"Critical Differences Between SOC 2 and SOC 1\/SSAE 16\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\",\"datePublished\":\"2011-12-19T00:00:00+00:00\",\"description\":\"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Differences Between SOC 1\/SSAE 16 vs SOC 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Critical Differences Between SOC 2 and SOC 1\/SSAE 16","description":"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/","og_locale":"en_US","og_type":"article","og_title":"Differences Between SOC 1\/SSAE 16 vs SOC 2","og_description":"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.","og_url":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/","og_site_name":"OTAVA","article_published_time":"2011-12-19T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Differences Between SOC 1\/SSAE 16 vs SOC 2","datePublished":"2011-12-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/"},"wordCount":969,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/","url":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/","name":"Critical Differences Between SOC 2 and SOC 1\/SSAE 16","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png","datePublished":"2011-12-19T00:00:00+00:00","description":"While SAS 70 and SSAE 16\/SOC 1 measure financial control, the SOC 2 audit measures Service Organization Controls.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/SOC-of-a-different-color-01.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/a-soc-of-a-different-color-critical-differences-between-soc-2-and-soc-1ssae-16\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Differences Between SOC 1\/SSAE 16 vs SOC 2"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1705"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1705\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1705"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}