How many controls does SSAE 18 have?

SSAE 18 contains 47 controls organized across 5 domains.

Where does SSAE 18 apply?

SSAE 18 is applicable in International. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does SSAE 18 map to?

SSAE 18 has control-to-control mappings with 594 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with SSAE 18 compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

SSAE 18 — Attestation Standards (SOC Reporting)

Statement on Standards for Attestation Engagements No. 18 (SSAE 18) provides the framework for SOC (System and Organization Controls) reporting engagements.

Domains

SOC 1 — Internal Controls over Financial Reporting

SOC 2 — Additional Trust Services Categories

SOC 2 — Logical and Physical Access Controls

SOC 2 — Security (Common Criteria)

SOC 2 — System Operations and Change Management

Frequently Asked Questions

Map SSAE 18 — Attestation Standards (SOC Reporting) to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform