Criteria are the various factors that provide a frame of reference to be evaluated by a practitioner. Without having defined criteria, any conclusion is open to individual interpretation and misunderstanding.
The SSAE 18 audit standard is a framework for reporting on an examination of controls at a service organization relevant to user entities’ internal control over financial reporting.
SOC 1 stemmed from the original SAS 70 report, which, once SSAE 16 was issued in April 2010, the formal report name was changed to being a SOC 1 report (but issued under the SSAE 16 guidance) and effective as of June 2011. SSAE 18 was then issued May 2017 and will be effective as of December 2018, and apply to all SOC 1 reports issued thereafter.