{"id":195642,"date":"2026-07-17T17:50:05","date_gmt":"2026-07-17T15:50:05","guid":{"rendered":"https:\/\/factorialhr.com\/blog\/?p=195642"},"modified":"2026-07-17T17:52:42","modified_gmt":"2026-07-17T15:52:42","slug":"iso-27001-vs-soc2","status":"publish","type":"post","link":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/","title":{"rendered":"ISO 27001 vs. SOC 2: What&#8217;s the Difference?"},"content":{"rendered":"<p><strong>ISO 27001<\/strong> and <strong>SOC 2<\/strong> almost always show up together, named in the same breath as if they were interchangeable. Both prove to outside parties that your company protects its information well, but they come from different continents, they&#8217;re built differently, and they don&#8217;t carry the same weight depending on who&#8217;s reading them. Mix them up and you can sink months of work and a serious chunk of budget into the one your market isn&#8217;t even asking for.<\/p>\n<p>And yet they have a lot in common. Both rely on an external audit, <strong>share around 80% of their controls<\/strong>, and aim for the same thing, earning the trust of your customers and partners. The difference isn&#8217;t so much in what they protect as in how they prove it, and to whom.<\/p>\n<p>In this article, we&#8217;ll walk through <strong>what each one is<\/strong>, how they differ, and when it makes sense to go with one, the other, or both, so you know exactly what the market expects and what your company actually needs.<\/p>\n<h2>What is ISO 27001?<\/h2>\n<p><a href=\"https:\/\/factorialhr.com\/blog\/iso-27001\/\">ISO 27001<\/a> (officially ISO\/IEC 27001) is the international standard that sets out the requirements for building, running, and improving an <a href=\"https:\/\/factorialhr.com\/blog\/information-security-management-system\/\">Information Security Management System (ISMS)<\/a>. Its current version dates from October 2022, and it&#8217;s the most widely recognized reference in the field, used in more than 150 countries.<\/p>\n<p>What sets it apart is that it&#8217;s certifiable. Any organization, whatever its size or industry, can go through an external audit by an accredited body (in the US, accreditation runs through the <strong>ANAB<\/strong>) and <strong>earn an official, internationally recognized certificate<\/strong>. That certificate is valid for three years, with annual surveillance audits.<\/p>\n<p>The standard is organized into two parts. On one side are the <strong>mandatory clauses<\/strong> (4 through 10), which define how to build and operate the ISMS. On the other is <strong>Annex A<\/strong>, with 93 security controls grouped into four categories. Each organization documents which ones apply to it in its Statement of Applicability (SoA). It&#8217;s also a common starting point for other frameworks, since much of the groundwork carries straight over to SOC 2, HIPAA, or NIST.<\/p>\n<h3>ISO 27001 key points<\/h3>\n<ul>\n<li><strong>International standard:<\/strong> the go-to norm for Information Security Management Systems (ISMS).<\/li>\n<li><strong>Certifiable:<\/strong> an accredited body issues an official certificate, valid for three years with annual surveillance audits.<\/li>\n<li><strong>Management-focused:<\/strong> it defines what your organization has to do to manage security on an ongoing basis.<\/li>\n<li><strong>93 controls:<\/strong> Annex A lists the security controls across four categories (organizational, people, physical, and technological).<\/li>\n<li><strong>Global recognition:<\/strong> especially valued across the EU and UK, in the public sector, and with international enterprise customers.<\/li>\n<li><strong>Foundation for other frameworks:<\/strong> a common starting point that carries over to SOC 2, HIPAA, and NIST.<\/li>\n<\/ul>\n<div class=\"factorial-banner inline-banner banner-other category-iso-27001\"\n    data-banner-id=\"192879\"\n    data-banner-type=\"other\"\n    data-category=\"ISO 27001\">\n    <div class=\"banner-content\">\n        <div class=\"banner-text\">\n                            <h4>Get ISO 27001 certified in weeks<\/h4>\n            \n                            <p>Factorial IT combines MDM, access management, and a dedicated compliance consultant to take you from zero to certified.<\/p>\n            \n                            <a href=\"https:\/\/factorialhr.com\/iso-27001\"\n                    class=\"factorial-cta-button not-prose freebie\" data-cta=\"other\" data-cta-position=\"inline-banner\">\n                    Learn more                <\/a>\n                    <\/div>\n\n        <div class=\"banner-image has-image\">\n            <img decoding=\"async\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/06\/19135845\/EN-ISO27001.png\" class=\"not-prose\" \/>\n        <\/div>\n    <\/div>\n<\/div>\n<h2>What is SOC 2?<\/h2>\n<p>SOC 2 (<em>System and Organization Controls 2<\/em>) is an audit framework developed by the AICPA (<em>American Institute of Certified Public Accountants<\/em>). <strong>It evaluates how a service organization protects the data its customers hand over<\/strong>, and it&#8217;s especially common among SaaS companies, cloud providers, and tech firms.<\/p>\n<p>Unlike ISO 27001, SOC 2 <strong>isn&#8217;t a certification<\/strong>. The audit ends in an attestation report issued by a CPA firm, in which the auditor gives their opinion on how well the company&#8217;s controls are designed and operating. There&#8217;s no &#8220;SOC 2 certificate&#8221; to hang on the wall. What you get is a detailed report that customers or investors review, usually under an NDA.<\/p>\n<p>The evaluation is built around five Trust Services Criteria, and only the security criterion is required. Each company decides which of the other four to include, which makes SOC 2 <strong>a flexible framework where you define your own scope<\/strong>. The report can be Type I, which assesses how the controls are designed at a single point in time, or Type II, which also measures how well they operate over a period of six to twelve months and is considered the stronger assurance.<\/p>\n<h3>SOC 2 key points<\/h3>\n<ul>\n<li><strong>US framework:<\/strong> developed by the AICPA and widely used across the US and the SaaS world.<\/li>\n<li><strong>Report, not certification:<\/strong> the result is an attestation report issued by a CPA firm.<\/li>\n<li><strong>Five Trust Services Criteria:<\/strong> security (required), availability, processing integrity, confidentiality, and privacy.<\/li>\n<li><strong>Flexible scope:<\/strong> you choose which controls and criteria to include in the audit.<\/li>\n<li><strong>Type I and Type II:<\/strong> Type I looks at how controls are designed, Type II at how they perform over time.<\/li>\n<li><strong>Built for customers and investors:<\/strong> standard in due diligence and vendor reviews across the US.<\/li>\n<\/ul>\n<h2>Differences between ISO 27001 and SOC 2<\/h2>\n<p>Even though they share many of the same controls and chase the same goal of protecting information, they work differently. ISO 27001 certifies a complete management system. SOC 2 issues a report on a selected set of controls. Here are the main differences between the two.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: center;\">Criterion<\/th>\n<th style=\"text-align: center;\">ISO 27001<\/th>\n<th style=\"text-align: center;\">SOC 2<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><strong>Origin<\/strong><\/td>\n<td style=\"text-align: center;\">ISO\/IEC (international)<\/td>\n<td style=\"text-align: center;\">AICPA (United States)<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Type of result<\/strong><\/td>\n<td style=\"text-align: center;\">Official certification<\/td>\n<td style=\"text-align: center;\">Attestation report<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Who audits<\/strong><\/td>\n<td style=\"text-align: center;\">Accredited certification body<\/td>\n<td style=\"text-align: center;\">Licensed CPA firm<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>What you get<\/strong><\/td>\n<td style=\"text-align: center;\">A certificate with a pass or fail result<\/td>\n<td style=\"text-align: center;\">A detailed report with the auditor&#8217;s opinion<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Approach<\/strong><\/td>\n<td style=\"text-align: center;\">Requirements for a complete ISMS<\/td>\n<td style=\"text-align: center;\">Controls over a specific service<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Flexibility<\/strong><\/td>\n<td style=\"text-align: center;\">Prescriptive, standardized structure<\/td>\n<td style=\"text-align: center;\">Flexible, you define the scope<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Recognition<\/strong><\/td>\n<td style=\"text-align: center;\">Global, highly valued in the EU<\/td>\n<td style=\"text-align: center;\">Predominant in the US<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Validity<\/strong><\/td>\n<td style=\"text-align: center;\">Three years with annual audits<\/td>\n<td style=\"text-align: center;\">Type II covers a 6 to 12 month period<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Formats<\/strong><\/td>\n<td style=\"text-align: center;\">Single certification<\/td>\n<td style=\"text-align: center;\">Type I and Type II<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>When should you choose ISO 27001 or SOC 2?<\/h2>\n<p>In practice, the choice comes down less to which one is &#8220;better&#8221; and more to where your customers are and what they&#8217;re asking for. <strong>Both frameworks are solid and share around 80% of their controls<\/strong>, so the work you put into one gets you a good way toward the other.<\/p>\n<p><strong>If your customers are in the US<\/strong>, especially in SaaS or tech, chances are they&#8217;ll ask for a <strong>SOC 2<\/strong> report. In a lot of US buying processes it&#8217;s become a de facto requirement, to the point where some prospects won&#8217;t move forward with a vendor that can&#8217;t produce one.<\/p>\n<p><strong>If you&#8217;re selling into Europe, chasing enterprise deals, or bidding on government and public-sector contracts<\/strong>, <strong>ISO 27001<\/strong> is the natural call. It&#8217;s the standard that regulators, large organizations, and international buyers recognize across the EU and UK, and it lines up with frameworks like GDPR. For any company looking to prove security maturity on a global stage, it&#8217;s the starting point.<\/p>\n<p>And if your company operates on both sides of the Atlantic, it&#8217;s worth pursuing both. Order matters here. The most efficient path is usually to earn ISO 27001 first, since it structures the entire ISMS, and then lean on that work for the SOC 2 report. Doing it the other way around tends to cost more, because you end up building the whole management system on a foundation that wasn&#8217;t designed for it.<\/p>\n<h2>How Factorial IT helps with ISO 27001 and SOC 2<\/h2>\n<p>ISO 27001 and SOC 2 call for the same kind of technical evidence, just from different angles. ISO looks at whether a control is built into your management system. SOC 2 checks whether it&#8217;s been working consistently over the audit period. <a href=\"https:\/\/factorialhr.com\/factorial-it\">Factorial IT<\/a> generates that evidence automatically, through everyday operations, which is exactly what a Type II auditor is there to validate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/factorial.es\/wp-content\/uploads\/2026\/03\/23134110\/factorial-it-platform-1024x506.png\" alt=\"factorial it platform\" \/><\/p>\n<p>In practice, it covers the access, device, and inventory controls both frameworks review. For ISO 27001, they stay documented and exportable for your Statement of Applicability. For SOC 2, they feed the security criterion, with HR-synced offboarding that cuts access the moment someone leaves and keeps a record of it.<\/p>\n<ul>\n<li><strong>IT asset inventory:<\/strong> an automatic catalog of devices, software, and access, exportable as evidence for your ISO 27001 SoA and your SOC 2 scope.<\/li>\n<li><strong>Access management:<\/strong> permissions to SaaS tools granted and revoked by role, the foundation of ISO control A.5.15 and the SOC 2 security criterion.<\/li>\n<li><strong>Device security:<\/strong> encryption, passwords, and lock screens applied on every device, with a status record to demonstrate the control over time.<\/li>\n<li><strong>Secure offboarding:<\/strong> when someone&#8217;s deactivated in HR, all their access closes with no manual work, and the auditor has a trail to follow.<\/li>\n<li><strong>Audit evidence:<\/strong> compliance reports generated automatically, ready to export for both your ISO certification and your Type II report.<\/li>\n<\/ul>\n<h4>Related articles:<\/h4>\n<ul>\n<li><a href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\">ISO 27001 vs ISO 27002<\/a>.<\/li>\n<li><a href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-9001\/\">ISO 27001 vs ISO 9001<\/a>.<\/li>\n<li><a href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-22301\/\">ISO 27001 vs ISO 22301<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>ISO 27001 and SOC 2 almost always show up together, named in the same breath as if they were interchangeable. Both prove to outside parties that your company protects its information well, but they come from different continents, they&#8217;re built differently, and they don&#8217;t carry the same weight depending on who&#8217;s reading them. Mix them<a href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\" class=\"read-more\"> [&#8230;]<\/a><\/p>\n","protected":false},"author":352,"featured_media":195647,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1096],"tags":[],"class_list":["post-195642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iso-27001-2"],"acf":{"topics":"factorial-it"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ISO 27001 vs. SOC 2: What&#039;s the Difference? | Factorial<\/title>\n<meta name=\"description\" content=\"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001 vs. SOC 2: What&#039;s the Difference?\" \/>\n<meta property=\"og:description\" content=\"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\" \/>\n<meta property=\"og:site_name\" content=\"Factorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-17T15:50:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-17T15:52:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/07\/17174954\/iso-27001-vs-soc2-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"976\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Enrique Quiroga\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:site\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enrique Quiroga\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\"},\"author\":{\"name\":\"Enrique Quiroga\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\"},\"headline\":\"ISO 27001 vs. SOC 2: What&#8217;s the Difference?\",\"datePublished\":\"2026-07-17T15:50:05+00:00\",\"dateModified\":\"2026-07-17T15:52:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\"},\"wordCount\":1366,\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"articleSection\":[\"ISO 27001\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\",\"url\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\",\"name\":\"ISO 27001 vs. SOC 2: What's the Difference? | Factorial\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\"},\"datePublished\":\"2026-07-17T15:50:05+00:00\",\"dateModified\":\"2026-07-17T15:52:42+00:00\",\"description\":\"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"name\":\"Factorial\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/factorialhr.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\",\"name\":\"All-in-one business management software - Factorial\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"contentUrl\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"width\":946,\"height\":880,\"caption\":\"All-in-one business management software - Factorial\"},\"image\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\",\"https:\/\/twitter.com\/factorialapp\",\"https:\/\/www.linkedin.com\/company\/factorialhr\",\"https:\/\/www.youtube.com\/@factorialmedia\",\"https:\/\/www.instagram.com\/factorial\/#\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\",\"name\":\"Enrique Quiroga\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"caption\":\"Enrique Quiroga\"},\"url\":\"https:\/\/factorialhr.com\/blog\/author\/enrique-quiroga\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ISO 27001 vs. SOC 2: What's the Difference? | Factorial","description":"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001 vs. SOC 2: What's the Difference?","og_description":"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.","og_url":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/","og_site_name":"Factorial","article_publisher":"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","article_published_time":"2026-07-17T15:50:05+00:00","article_modified_time":"2026-07-17T15:52:42+00:00","og_image":[{"width":1800,"height":976,"url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/07\/17174954\/iso-27001-vs-soc2-2.png","type":"image\/png"}],"author":"Enrique Quiroga","twitter_card":"summary_large_image","twitter_creator":"@factorialapp","twitter_site":"@factorialapp","twitter_misc":{"Written by":"Enrique Quiroga","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/#article","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/"},"author":{"name":"Enrique Quiroga","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014"},"headline":"ISO 27001 vs. SOC 2: What&#8217;s the Difference?","datePublished":"2026-07-17T15:50:05+00:00","dateModified":"2026-07-17T15:52:42+00:00","mainEntityOfPage":{"@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/"},"wordCount":1366,"publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"articleSection":["ISO 27001"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/","url":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/","name":"ISO 27001 vs. SOC 2: What's the Difference? | Factorial","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/#website"},"datePublished":"2026-07-17T15:50:05+00:00","dateModified":"2026-07-17T15:52:42+00:00","description":"ISO 27001 vs. SOC 2: the differences, what they share, and which framework your company actually needs.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/factorialhr.com\/blog\/iso-27001-vs-soc2\/"]}]},{"@type":"WebSite","@id":"https:\/\/factorialhr.com\/blog\/#website","url":"https:\/\/factorialhr.com\/blog\/","name":"Factorial","description":"","publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/factorialhr.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/factorialhr.com\/blog\/#organization","name":"All-in-one business management software - Factorial","url":"https:\/\/factorialhr.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","contentUrl":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","width":946,"height":880,"caption":"All-in-one business management software - Factorial"},"image":{"@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","https:\/\/twitter.com\/factorialapp","https:\/\/www.linkedin.com\/company\/factorialhr","https:\/\/www.youtube.com\/@factorialmedia","https:\/\/www.instagram.com\/factorial\/#"]},{"@type":"Person","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014","name":"Enrique Quiroga","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","caption":"Enrique Quiroga"},"url":"https:\/\/factorialhr.com\/blog\/author\/enrique-quiroga\/"}]}},"_links":{"self":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/195642"}],"collection":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/users\/352"}],"replies":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/comments?post=195642"}],"version-history":[{"count":4,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/195642\/revisions"}],"predecessor-version":[{"id":195649,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/195642\/revisions\/195649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media\/195647"}],"wp:attachment":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media?parent=195642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/categories?post=195642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/tags?post=195642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}