{"id":23969,"date":"2025-04-24T13:36:34","date_gmt":"2025-04-24T11:36:34","guid":{"rendered":"https:\/\/brandcompliance.com\/?post_type=docs&#038;p=23969"},"modified":"2026-03-26T10:48:48","modified_gmt":"2026-03-26T09:48:48","password":"","slug":"isae-3402-vs-soc-2","status":"publish","type":"docs","link":"https:\/\/brandcompliance.com\/en\/docs\/isae-3402-vs-soc-2\/","title":{"rendered":"ISAE 3402 vs SOC 2: what is the difference?"},"content":{"rendered":"<p>Are you comparing ISAE 3402 vs SOC 2 and unsure which <a href=\"https:\/\/brandcompliance.com\/en\/assurance-report\/\">assurance report<\/a> fits your organization? Many service providers face the same question. Both reports help demonstrate control, reliability, and trust. Still, they are not the same. ISAE 3402 focuses on internal controls relevant to clients\u2019 financial reporting, while SOC 2 focuses on information security, availability, confidentiality, processing integrity, and privacy. Would you like to determine which report fits your organization best? <a href=\"https:\/\/brandcompliance.com\/en\/contact\/\">Contact<\/a> Brand Compliance for tailored advice.<\/p>\n<p>This page explains the difference between ISAE 3402 and SOC 2, when each report is relevant, and when a combined audit approach may make sense.<\/p>\n<h2>ISAE 3402 vs SOC 2 at a glance<\/h2>\n<p><strong>ISAE 3402 is<\/strong> mainly used to provide assurance over controls that affect clients\u2019 financial reporting.<br \/>\n<strong>SOC 2<\/strong> is mainly used to provide assurance over information security and related system controls.<\/p>\n<p>That makes the right choice highly dependent on your services, your clients, and the type of assurance they expect from your organization.<\/p>\n<h3>Comparison table<\/h3>\n<table style=\"height: 304px;\" width=\"927\">\n<tbody>\n<tr>\n<td width=\"82\"><em>Topic<\/em><\/td>\n<td width=\"265\"><strong>ISAE 3402<\/strong><\/td>\n<td width=\"256\"><strong>SOC 2<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"82\"><strong>Main focus<\/strong><\/td>\n<td width=\"265\">Internal controls relevant to financial reporting<\/td>\n<td width=\"256\">Information security and trust services<\/td>\n<\/tr>\n<tr>\n<td width=\"82\"><strong>Typical organizations<\/strong><\/td>\n<td width=\"265\">Payroll providers, financial outsourcing partners, administrators<\/td>\n<td width=\"256\">SaaS providers, cloud companies, hosting providers, data processors<\/td>\n<\/tr>\n<tr>\n<td width=\"82\"><strong>Main objective<\/strong><\/td>\n<td width=\"265\">Provide assurance over controls affecting clients\u2019 financial statements<\/td>\n<td width=\"256\">Provide assurance over security, privacy, confidentiality, and system reliability<\/td>\n<\/tr>\n<tr>\n<td width=\"82\"><strong>Framework<\/strong><\/td>\n<td width=\"265\">International assurance standard<\/td>\n<td width=\"256\">AICPA Trust Services Criteria<\/td>\n<\/tr>\n<tr>\n<td width=\"82\"><strong>Typical audience<\/strong><\/td>\n<td width=\"265\">Auditors, financial stakeholders, clients<\/td>\n<td width=\"256\">Clients, prospects, business partners<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>In other words, ISAE 3402 is generally more financially oriented, while SOC 2 is more focused on information security and IT control.<\/em><\/p>\n<p><a href=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1.webp\"><img decoding=\"async\" class=\"aligncenter wp-image-25865 size-full\" src=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1.webp\" alt=\"ISAE 3402 vs SOC 2\" width=\"800\" height=\"533\" srcset=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1.webp 800w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1-300x200.webp 300w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1-768x512.webp 768w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1-360x240.webp 360w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_231005361-1-600x400.webp 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<h2>What is ISAE 3402?<\/h2>\n<p>ISAE 3402 is an international assurance standard designed for service organizations whose services may affect the financial reporting of their clients. An <a href=\"https:\/\/brandcompliance.com\/en\/isae-3402-report\/\">ISAE 3402 report<\/a> helps demonstrate that relevant internal controls are properly designed and, depending on the report type, operating effectively over time.<\/p>\n<p>This type of report is often relevant for organizations such as:<\/p>\n<ul>\n<li>payroll providers<\/li>\n<li>financial service providers<\/li>\n<li>administrative outsourcing partners<\/li>\n<li>trust offices and investment-related service organizations<\/li>\n<\/ul>\n<h3>ISAE 3402 report types<\/h3>\n<ul>\n<li><strong>ISAE 3402 Type I<\/strong><br \/>\nThis report assesses the design and implementation of controls at a specific point in time.<\/li>\n<li><strong>ISAE 3402 Type II<\/strong><br \/>\nThis report assesses both the design and the operating effectiveness of controls over a defined review period.<\/li>\n<\/ul>\n<p>For organizations that support clients\u2019 financial processes, an ISAE 3402 report is often a key way to demonstrate controlled and reliable service delivery.<\/p>\n<h2>What is SOC 2?<\/h2>\n<p>SOC 2 is an assurance reporting framework developed by the American Institute of Certified Public Accountants, or AICPA. A <a href=\"https:\/\/brandcompliance.com\/en\/services\/soc-2-report\/\">SOC 2 report<\/a> is used to assess how an organization manages information security and related controls.<\/p>\n<p>SOC 2 is particularly relevant for organizations such as:<\/p>\n<ul>\n<li>cloud service providers<\/li>\n<li>Software as a Service companies<\/li>\n<li>data centers and hosting providers<\/li>\n<li>organizations that process sensitive customer data<\/li>\n<\/ul>\n<h3>Trust Services Criteria<\/h3>\n<p>A SOC 2 report is based on the Trust Services Criteria, which cover five control areas:<\/p>\n<ol>\n<li><strong>Security<\/strong><br \/>\nProtection against unauthorized access to systems and data.<\/li>\n<li><strong>Availability<\/strong><br \/>\nAssurance that systems are available for operation and use as agreed.<\/li>\n<li><strong>Processing integrity<\/strong><br \/>\nAssurance that system processing is complete, valid, accurate, timely, and authorized.<\/li>\n<li><strong>Confidentiality<\/strong><br \/>\nProtection of confidential information within systems and processes.<\/li>\n<li><strong>Privacy<\/strong><br \/>\nManagement of personal data in line with relevant privacy requirements.<\/li>\n<\/ol>\n<h3>SOC report types<\/h3>\n<p>In addition to the SOC 2 report, there are two other types of reports. Below we explain the three variants:<\/p>\n<p data-start=\"223\" data-end=\"281\"><strong data-start=\"223\" data-end=\"279\">SOC 1 \u2013 Financial processes and internal controls<br \/>\n<\/strong><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Assessment of internal controls relevant to clients&#8217; financial reporting.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Consider organizations that provide services such as payroll processing, claims handling, or financial transactions.<\/span><\/span><\/p>\n<ul>\n<li><em data-start=\"554\" data-end=\"563\">SOC 1 Type I:<\/em> Focuses on the design and operation of controls at a specific point in time.<br \/>\n<em data-start=\"647\" data-end=\"657\">SOC 1 Type II:<\/em> Examines both the design and operating effectiveness of these controls over a longer period (usually between 3 and 12 months).<\/li>\n<\/ul>\n<p data-start=\"782\" data-end=\"841\"><strong data-start=\"782\" data-end=\"839\">SOC 2 \u2013 Confidentiality and Information Security<br \/>\n<\/strong><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Evaluation of controls based on the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Intended for companies that want to demonstrate their information security and best practices to customers or partners.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">SOC 2 reports typically contain sensitive and detailed information and are shared with customers or prospects only under non-disclosure agreements (NDAs).<\/span><\/span><\/p>\n<ul>\n<li data-start=\"4683\" data-end=\"4770\"><strong data-start=\"4683\" data-end=\"4699\">SOC 2 Type I<\/strong><br data-start=\"4699\" data-end=\"4702\" \/>An evaluation of the design of controls at a specific point in time.<\/li>\n<li data-start=\"4683\" data-end=\"4770\"><strong data-start=\"4772\" data-end=\"4789\">SOC 2 Type II<\/strong><br data-start=\"4789\" data-end=\"4792\" \/>An evaluation of both the design and operating effectiveness of controls over a longer period.<\/li>\n<\/ul>\n<p data-start=\"1418\" data-end=\"1460\"><strong data-start=\"1418\" data-end=\"1458\">SOC 3 \u2013 Public version of SOC 2<br \/>\n<\/strong><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Provides a concise overview of security controls, based on the Trust Services Criteria.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">This is suitable for organizations that want to publicly demonstrate their compliance with security standards, for example, through their website or as a marketing tool.<\/span><\/span><\/p>\n<p><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">SOC 3 reports are less detailed than SOC 2 and do not contain confidential information.<\/span><\/span> <span class=\"jCAhz\"><span class=\"ryNqvb\">This makes them suitable for broad, public distribution.<\/span><\/span><\/p>\n<h2>What is the difference between ISAE 3402 and SOC 2?<\/h2>\n<p>The difference between ISAE 3402 and SOC 2 lies mainly in the purpose of the report and the type of risk it addresses.<\/p>\n<p>ISAE 3402 is intended for organizations whose services influence the financial reporting of their clients. SOC 2 is intended for organizations that need to demonstrate control over information security, privacy, and system reliability.<\/p>\n<p>That distinction matters. If your clients need assurance that outsourced financial processes are properly controlled, ISAE 3402 is often the better fit. If your clients want assurance about cybersecurity, confidentiality, and operational resilience, SOC 2 is usually more appropriate.<\/p>\n<p><strong>In simple terms<\/strong><\/p>\n<ul>\n<li>ISAE 3402 is centered on financial control assurance.<\/li>\n<li>SOC 2 is centered on information security assurance.<\/li>\n<\/ul>\n<h2>Is ISAE 3402 the same as SOC 2?<\/h2>\n<p>No, ISAE 3402 is not the same as SOC 2.<\/p>\n<p>The two reports may appear similar because both are assurance reports for service organizations. However, they use different frameworks and serve different assurance objectives. ISAE 3402 focuses on controls relevant to financial reporting. SOC 2 focuses on controls related to security, availability, confidentiality, processing integrity, and privacy.<\/p>\n<p>That is why organizations should not choose between them based only on market familiarity or client buzzwords. The right choice depends on your services, your client requirements, and the type of assurance your stakeholders expect.<\/p>\n<h2>When do you choose ISAE 3402?<\/h2>\n<p>ISAE 3402 is typically the most logical option when your organization performs services that affect your clients\u2019 accounting or financial reporting processes.<\/p>\n<p>This often applies when you:<\/p>\n<ul>\n<li>process payroll<\/li>\n<li>handle financial administration<\/li>\n<li>support transaction flows<\/li>\n<li>operate outsourced financial back-office functions<\/li>\n<\/ul>\n<p>If your clients\u2019 auditors or finance teams ask for evidence of control over these activities, an ISAE 3402 report is often the expected assurance instrument.<\/p>\n<h2>When do you choose SOC 2?<\/h2>\n<p>SOC 2 is often the right choice when your organization needs to show that information security and system controls are properly designed and managed.<\/p>\n<p>This is especially relevant if your organization:<\/p>\n<ul>\n<li>delivers SaaS or cloud services<\/li>\n<li>hosts systems or infrastructure<\/li>\n<li>processes customer or business-sensitive data<\/li>\n<li>works with international clients that expect recognized security assurance<\/li>\n<\/ul>\n<p>In those situations, a SOC 2 report can strengthen trust, support vendor assessments, and improve commercial credibility.<\/p>\n<h2>Can you combine ISAE 3402 and SOC 2?<\/h2>\n<p>Yes, in some cases an organization may benefit from both an ISAE 3402 report and a SOC 2 report.<\/p>\n<p>This is especially relevant for service providers that manage both financially relevant processes and technology-driven environments. For example, an organization may process financial data in a cloud platform or support both business administration and IT operations for clients.<\/p>\n<p>In those situations, a combined or aligned audit approach may be more efficient than running two completely separate assurance tracks. That said, the scope and control criteria must be carefully defined to ensure that each report still addresses the right assurance objective.<\/p>\n<h2>Which report fits your organization?<\/h2>\n<p>The answer depends on the nature of your services and on what your clients need from you.<\/p>\n<p>If your organization affects clients\u2019 financial reporting, ISAE 3402 is often the strongest fit.<\/p>\n<p>If your organization needs to demonstrate control over information security and data handling, SOC 2 is often more appropriate.<\/p>\n<p>If both apply, a combined assessment may be worth exploring.<\/p>\n<table style=\"width: 100%; border-collapse: collapse;\">\n<tbody>\n<tr>\n<td style=\"width: 270px; padding-right: 20px; vertical-align: top;\"><a href=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_295111141-269x300.webp\"><img decoding=\"async\" class=\"alignright size-medium wp-image-25871\" src=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_295111141-269x300.webp\" alt=\"ISAE 3402 or SOC 2\" width=\"269\" height=\"300\" srcset=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_295111141-269x300.webp 269w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2025\/04\/AdobeStock_295111141.webp 358w\" sizes=\"(max-width: 269px) 100vw, 269px\" \/><\/a><\/td>\n<td style=\"vertical-align: top;\"><strong><strong>Need help choosing between ISAE 3402 and SOC 2?<br \/>\n<\/strong><\/strong><\/p>\n<p data-start=\"8867\" data-end=\"9117\">Would you like to know whether ISAE 3402, SOC 2, or a combined assurance approach fits your organization best? Brand Compliance helps organizations assess their scope, risks, and stakeholder requirements so they can choose the right audit trajectory.<br \/>\n<span style=\"font-family: inherit; font-size: inherit; color: #333333;\"><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n\/* ]]> *\/\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gform_legacy_markup_wrapper gform-theme--no-framework' data-form-theme='legacy' data-form-index='0' id='gform_wrapper_85' ><form method='post' enctype='multipart\/form-data'  id='gform_85'  action='\/en\/wp-json\/wp\/v2\/docs\/23969' data-formid='85' novalidate>\t\t\t\t\t<div style=\"display: none !important;\" class=\"akismet-fields-container gf_invisible\" data-prefix=\"ak_\">\n\t\t\t\t\t\t<label>&#916;<textarea name=\"ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label>\n\t\t\t\t\t\t<input type=\"hidden\" id=\"ak_js_1\" name=\"ak_js\" value=\"96\" \/>\n\t\t\t\t\t\t<script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\ndocument.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );\n\/* ]]> *\/\n<\/script>\n\n\t\t\t\t\t<\/div>\n                        <div class='gform-body gform_body'><ul id='gform_fields_85' class='gform_fields top_label form_sublabel_below description_below validation_below'><li id=\"field_85_14\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_85_14'>LinkedIn<\/label><div class='ginput_container'><input name='input_14' id='input_85_14' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_85_14'>This field is for validation purposes and should be left unchanged.<\/div><\/li><li id=\"field_85_6\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield--width-full field_sublabel_below gfield--no-description field_description_above hidden_label field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_85_6'>What is your question about?<\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_6' id='input_85_6' class='textarea small'    placeholder='What is your question about?'  aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/li><li id=\"field_85_13\" class=\"gfield gfield--type-text gfield--input-type-text gfield--width-full field_sublabel_below gfield--no-description field_description_below hidden_label field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_85_13'>Your name<\/label><div class='ginput_container ginput_container_text'><input name='input_13' id='input_85_13' type='text' value='' class='large'    placeholder='Your name'  aria-invalid=\"false\"   \/><\/div><\/li><li id=\"field_85_5\" class=\"gfield gfield--type-email gfield--input-type-email gfield--width-full field_sublabel_below gfield--no-description field_description_below hidden_label field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_85_5'>Email address<\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_5' id='input_85_5' type='email' value='' class='large'   placeholder='Your email address'  aria-invalid=\"false\"  \/>\n                        <\/div><\/li><li id=\"field_85_7\" class=\"gfield gfield--type-captcha gfield--input-type-captcha field_sublabel_below gfield--no-description field_description_below hidden_label field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_85_7'>CAPTCHA<\/label><div id='input_85_7' class='ginput_container ginput_recaptcha' data-sitekey='6LfQXsQZAAAAADnWRIxONY6yeLEJkbC5hTqPCCWB'  data-theme='light' data-tabindex='-1' data-size='invisible' data-badge='bottomright'><\/div><\/li><\/ul><\/div>\n        <div class='gform-footer gform_footer top_label'> <input type='submit' id='gform_submit_button_85' class='gform_button button' onclick='gform.submission.handleButtonClick(this);' data-submission-type='submit' value='Submit your question'  \/> \n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_85' value='postback' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_85' id='gform_theme_85' value='legacy' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_85' id='gform_style_settings_85' value='[]' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_85' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='85' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='EUR' value='0Tc1cDdlXA9VXwCCJs1Ew4Ul2MjzeuyhTwpefCmKtV86Qo632Y2II+ThxNEGdGJhNN61RsTvCdDgtFUWmD64JjEjRGfPJD2b8I9MAjL5z\/kMEL0=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_85' value='WyJbXSIsIjM5YzdlY2E2OTI1ZmE0YjAxMDJlNDBmYmZjMjY5YzcwIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_85' id='gform_target_page_number_85' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_85' id='gform_source_page_number_85' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n gform.initializeOnLoaded( function() {gformInitSpinner( 85, 'https:\/\/brandcompliance.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery('#gform_ajax_frame_85').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_85');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_85').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_85').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_85').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_85').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/  }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_85').val();gformInitSpinner( 85, 'https:\/\/brandcompliance.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [85, current_page]);window['gf_submitting_85'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_85').replaceWith(confirmation_content);jQuery(document).trigger('gform_confirmation_loaded', [85]);window['gf_submitting_85'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_85').text());}else{jQuery('#gform_85').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"85\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_85\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_85\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_85\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 85, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} ); \n\/* ]]> *\/\n<\/script>\n<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Are you comparing ISAE 3402 vs SOC 2 and unsure which assurance report fits your organization? Many service providers face the same question. Both reports&#8230;<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"doc_category":[2372],"doc_tag":[],"class_list":["post-23969","docs","type-docs","status-publish","hentry","doc_category-assurance-audits-en"],"acf":[],"year_month":"2026-04","word_count":1320,"total_views":"2113","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"Anika","author_nicename":"anika","author_url":"https:\/\/brandcompliance.com\/en\/author\/anika\/"},"doc_category_info":[{"term_name":"Assurance audits","term_url":"https:\/\/brandcompliance.com\/en\/docs-category\/assurance-audits-en\/"}],"doc_tag_info":[],"knowledge_base_info":[],"knowledge_base_slug":[],"_links":{"self":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/23969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/comments?post=23969"}],"version-history":[{"count":28,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/23969\/revisions"}],"predecessor-version":[{"id":25873,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/23969\/revisions\/25873"}],"wp:attachment":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/media?parent=23969"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_category?post=23969"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_tag?post=23969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}