Security & Compliance Blog

Stay informed on changing compliance regulations


SOC 2 Type 1 Guide for SOC Reports

Looking for a SOC 2 Type 1 guide? Then welcome to socreports.com, the most in-depth website dedicated to the SOC 2 standard. Developed by NDNB, North America’s leading provider of SOC 2 assessments, socreports.com will answer your SOC 2 questions and serve as your SOC 2 Type 1 guide. NDNB’s SOC 2 Type 1 guide is, without question, some of the most informative, up-to-date, and easy-to-read documentation on the subject found anywhere on the Internet today.

If your business is interested in seeking annual SOC 2 compliance – or a client or notable prospect is asking you to obtain a SOC 2 report – here’s what you need to know:

1. Welcome to the World of Regulatory Compliance: Today’s business world is full of challenges and complexities, and a new and ever-growing mandate now sits high on the list for many businesses: regulatory compliance. With an ever-changing digital world and a threat landscape that seems to grow larger each year, companies are being required to undergo a host of annual security and operational audits, such as SSAE 18 SOC 1 and SOC 2. SOC 2, put forth by the AICPA (an attestation standard rather than a government regulation, though customers frequently require it contractually), is tailored toward technology service providers – data centers, SaaS vendors, and the like – so if that’s you, expect to be asked for annual SOC 2 compliance.


Atlanta, Georgia SOC 2 Audits & Assessments | Fixed Fees

NDNB provides industry leading SOC 2 audit reports and assessments for metro Atlanta businesses, along with other entities in select regions throughout the state of Georgia. With growing regulatory compliance mandates being imposed on all types of organizations – regardless of industry, size or location – now’s the time to seek out the services of Georgia’s premier SOC 2 audit firm, and that’s NDNB.

Atlanta, Georgia SOC 2 Audits & Assessments | Fixed Fees | Call NDNB

Atlanta is the new hotspot for technology in the country – and it’s no fad – as companies are pouring into Georgia because of friendly labor laws and low taxes. Just look at how much Alpharetta has grown in recent years, with a large part of its success directly attributed to the tech sector. Yet it also means that the untold numbers of technology companies in Atlanta will more than likely face growing regulatory compliance mandates, specifically that of SOC 2 compliance, and for good reason. As companies continue to outsource critical services, they must rely on the safety and security of various third-parties, and SOC 2 audit reports are high on the list for many businesses providing such services to other entities.


What Does SOC 2 Stand For? Q&A from NDNB

Question: What Does SOC 2 Stand For?

Answer: SOC stands for “System and Organization Controls”; the “2” denotes the report type. The two most common SOC reports are SOC 1 and SOC 2 (a third, SOC 3, is a general-use summary of a SOC 2). While SOC 1 reports are primarily aimed at service organizations that provide services capable of impacting their clients’ financial reporting, SOC 2 reports are geared toward the large and growing technology industry.

As stated by the American Institute of Certified Public Accountants (AICPA), “System and Organization Controls (SOC) is a suite of service offerings CPAs may provide in connection with system-level controls of a service organization or entity-level controls of other organizations.”

The Importance of SOC 2 Reports

As for SOC 2 reports, they are intended to meet the needs of a broad range of users requiring comprehensive information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

As such, SOC 2 reports play a vital role in helping service organizations illustrate their internal controls to other entities that need such information. Think of it in simpler terms. You have a business, and you’re relying on other businesses to perform critical functions that are essential to your success. So, don’t you want to know – don’t you deserve to know – that whatever services you’re outsourcing to these businesses, they have the proper internal controls in place? Yes, you do, and it’s why SOC 2 audits have experienced massive growth in recent years, and will continue to do so.


Who Needs a SOC 2 Report? Q&A from NDNB

Question: Who Needs a SOC 2 Report?

Answer: There are tens of thousands of businesses – technically known as “service organizations” in the world of regulatory compliance – that have to undergo an annual SOC 2 audit.

Service organizations are entities that provide essential services to another business, and because of that, these service organizations are often asked to undergo annual SOC 2 audits for purposes of examining and testing their internal controls.

What are internal controls? As defined in accounting and auditing, internal controls are a process for assuring an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.

Simply stated, internal controls are the policies, procedures, and processes a service organization has in place for its daily operations. How do employees access information systems? What initiatives does management have in place for demonstrating leadership and accountability? These are just a few of the countless internal controls that service organizations should have in place, and annual SOC 2 reporting examines – and tests – these controls.

Think about it, if you’re a business outsourcing to another business, don’t you want to know about that organization’s internal controls? Don’t you want to know how their daily operations are run, what policies, procedures, and processes are in place? Sure, you do, and it’s why SOC 2 reports are being required for thousands of businesses throughout North America, and the world.


Southern California SSAE 18 SOC 1 Type 1 & Type 2 Audits | Fixed Fees

Southern California SSAE 18 SOC 1 assessments and audit reports are available from the Golden State compliance experts at NDNB. From San Diego to Sacramento – and beyond – NDNB has been offering high-quality, competitively priced regulatory compliance audits for years, so contact us today for all your SSAE 18 SOC 1 – and SOC 2 – audit needs.

With compliance mandates growing larger each year, businesses are being forced to grapple with enormous costs and time commitments for SSAE 18 SOC 1 audits, and it’s why businesses often turn to the California regulatory compliance leader, NDNB, provider of fixed-fee audit services for a wide range of regulatory mandates, such as SOC 1, SOC 2, PCI DSS, GDPR, HIPAA, and more.

NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP


What sets NDNB apart from the rest of the pack is our lock-step phased approach, one that delivers efficiency and scalability when it comes to audits for California businesses. It means that from beginning to end, we’re all about efficiency, flexibility, and competitive pricing, along with providing a superior assessment report for compliance and business development purposes. Nobody likes spending thousands of dollars and hundreds of hours on SSAE 18 SOC 1 assessments – we get it – and it’s why businesses turn to NDNB for today’s growing compliance mandates.

There’s quite a debate going on between SOC 1 vs. SOC 2 and which of the AICPA System and Organization Controls (SOC) options is more appropriate for a service organization. To help clarify, just remember that SSAE 18 SOC 1 assessments are conducted on entities whose services can impact their clients’ financial reporting, while SOC 2 assessments are geared toward today’s technology-driven businesses. That’s not to say there aren’t exceptions, but these are the general rules that apply when choosing between SSAE 18 SOC 1 and SOC 2.


Colorado SOC 1 SSAE 18 Audits – Denver, Boulder, Fort Collins – Fixed Fees

NDNB provides industry leading SOC 1 SSAE 18 and SOC 2 assessments for Colorado businesses located in Denver, Boulder, Fort Collins and other surrounding areas. With the incredible growth of regulatory compliance in today’s business world, companies are seeking highly competent, efficient, and trustworthy audit services, and it’s why businesses in Colorado turn to NDNB. From an initial SOC 1 SSAE 18 Readiness Assessment to remediation, along with performing the actual SOC 1 Type 1 and/or SOC 1 Type 2 assessment, NDNB has the expertise and knowledge to provide an efficient audit process from beginning to end.


SOC 2 for Cloud Computing Introduction and Overview - AWS and Azure

SOC 2 for cloud computing is one of the most talked about topics in the world of regulatory compliance, and for two (2) obvious reasons: (1) there’s currently a massive migration underway by businesses moving to cloud platforms (i.e., Amazon AWS, Microsoft Azure, and even Google GCP), and (2) many of these businesses – technically known as service organizations in the world of auditing – are having to undergo annual SSAE 18 SOC 1 and/or SOC 2 audits.


SOC 2 Audits & Reports Dallas, TX | Fixed Fees | Type 1 & Type 2

SOC 2 audits & reports for Dallas, TX businesses are offered by NDNB, Texas’ leading provider of regulatory compliance assessments and consulting services, such as SOC 1 SSAE 18, SOC 2, PCI DSS, HIPAA assessments, and more. With today’s growing compliance mandates, it’s time to choose a proven provider of professional, fixed-fee services, a firm with a deep record of integrity and value in the Lone Star State, and that’s NDNB!

Dallas’ Leading Provider of SOC 2 Compliance Audits

Businesses in the Dallas Fort Worth (DFW) Metroplex have been turning to NDNB for years when it comes to proven services, fixed fees, high-quality audits, and a household name they can trust. What makes us different from “the other guys” is our ability to truly understand every conceivable industry that SOC 2 reporting affects. That’s right, from agriculture to information technology, there are dozens of industries being affected by SOC 2 compliance reporting requirements.


Southern California SOC 2 Audit Reports & Assessments | Fixed Fees

SOC 2 reports and assessments for Southern California businesses – including San Diego, Orange County, Los Angeles, and other select regions – are available from NDNB, one of California’s leading providers of regulatory compliance audits. NDNB offers competitively priced, fixed fee assessments for businesses needing to comply with today’s growing compliance mandates, such as SSAE 18 SOC 1, SOC 2, PCI DSS, HIPAA and many other federally and/or industry specific regulations.

With years of experience working with California businesses, NDNB possesses the manpower and knowledge when it comes to the alphabet soup of regulations, so contact Christopher G. Nickell, CPA, today at 1-800-277-5415, ext. 706.


6 Things to Know about SSAE 18 SOC 1 for California Businesses

If you’re a California business just entering the world of regulatory compliance, here’s what you need to know about SSAE 18 SOC 1 compliance, courtesy of NDNB, the Golden State’s leading provider of fixed-fee regulatory services and solutions:

1. Begin with a SSAE 18 SOC 1 Scoping & Readiness Assessment. Want to gain a true understanding and working knowledge of SSAE 18 audits? Then perform an upfront SOC 1 scoping & readiness assessment – a pre-audit exercise that identifies audit scope boundaries, areas of remediation, personnel needs, and other relevant factors. One of the biggest challenges California businesses face with regulatory compliance is “scope creep”: an audit that has simply grown too large, too complex, and too costly.


SOC 2 Compliance Audits Atlanta, GA – 9 Steps for Auditing Success

SOC 2 compliance audits for Atlanta, Georgia service organizations are often a necessity in today’s world of growing regulatory compliance, so turn to the auditing professionals at NDNB. We’ve issued hundreds of SOC 2 reports since the AICPA launched its SOC reporting framework in 2011 (then named “Service Organization Control”, renamed “System and Organization Controls” in 2017), so call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to learn more today.

We’re Georgia’s Compliance Leaders – Let’s Talk

It’s no secret that regulatory compliance is alive and well all throughout North America, and definitely in Atlanta, Georgia due to the tremendous growth of information technology in the Southeast. Georgia is without question one of the leading centers for commerce in the United States, and what’s not to love about our business climate – a diverse mixture of companies, great access to transportation and resources, and so much more.


SOC 2 Compliance Consultant – Getting you Ready for Audits

Looking for a SOC 2 consultant, somebody with expertise, knowledge, and years of audit experience in helping you plan and prepare for a successful audit? Then talk to the experts at NDNB, one of North America’s leading providers of SOC 2 audits. Not only do we offer SOC 2 assessments – both SOC 2 Type 1 and SOC 2 Type 2 assessments – for fixed fees, we also offer SOC 2 scoping & readiness assessments for service organizations all throughout North America. In simpler terms, we become your much-needed SOC 2 consultant for helping with all aspects of annual SOC 2 compliance.


How to Become SOC 2 Compliant?

Businesses all throughout North America are being hit hard with SOC compliance reporting, so if you’re asking yourself how to become SOC 2 compliant, NDNB – a leading provider of SOC 2 audit services – offers the following SOC 2 roadmap to compliance for helping ensure an efficient, thorough, and cost-effective process is put in place.

Here’s what you need to know regarding how to become SOC 2 compliant, courtesy of NDNB, North America’s leading provider of SOC 2 audits & assessments.


SSAE 18 SOC 1 Compliance Auditors - Orange County, CA - Fixed Fees

NDNB is Orange County’s leading provider of SSAE 18 SOC 1 compliance audits, offering high-quality, competitively priced fixed fees. With an ever-increasing list of regulatory compliance mandates being imposed on today’s businesses, Orange County service organizations need a proven and trusted firm for providing guidance and clarity with SOC 1 compliance, and that’s NDNB.

We’ve been involved with regulatory compliance for years, starting with the historical SAS 70 auditing standard in 1992, and continuing on with the AICPA SOC reporting framework (originally “Service Organization Control”, renamed “System and Organization Controls” in 2017), which consists of SSAE 16 (now SSAE 18) SOC 1, SOC 2, and SOC 3 reporting.


One of the biggest questions Orange County service organizations have is, “which audit should I do, an SSAE 18 SOC 1 or a SOC 2 audit?”, and it’s a good question indeed. SSAE 18 is the attestation standard under which SOC 1 reports are issued, and it replaced the one-size-fits-all SAS 70 and its successor SSAE 16; SOC 2, by contrast, was a completely new framework with its own criteria.

It’s also important to note that SOC 1 audits are for service organizations that typically display a credible relationship to impacting their clients’ financial reporting, more commonly known as Internal Controls over Financial Reporting (ICFR). Specifically, if you’re performing functions for your clients – and such functions can impact their financial reporting – then SSAE 18 SOC 1 is the preferred choice for assessing internal controls.


SOC 1 SSAE 18 Remediation & Audits for Atlanta, GA Businesses – Fixed Fees

NDNB provides SSAE 18 SOC 1 remediation services – along with SOC 1, SOC 2, and SOC 3 audits – to businesses all throughout the Atlanta, Georgia metropolitan area. With the continued growth of regulatory compliance, companies all throughout the Atlanta area are being required to undertake annual SSAE 18 SOC 1 audits, however, getting prepared for such an assessment is often the most difficult, challenging, and time-consuming aspect of the entire audit itself.

Providers of Comprehensive SSAE 18 SOC 1 Solutions at Fixed Fees

But before any service organization can undertake remediation activities, they’ll need to identify what exactly requires remediation, such as policies and procedures, system configuration changes, and other notable mandates. It’s why performing an SSAE 18 SOC 1 readiness assessment is vital for purposes of identifying gaps, weaknesses, and other internal control failures. NDNB provides comprehensive SSAE 18 SOC 1 readiness assessments, along with the following remediation services for SOC audits:

Policy and Procedure Writing: A big and growing part of regulatory compliance is documentation, and it’s why NDNB offers comprehensive policy writing services for our clients. Developing the high-quality, comprehensive policies and procedures that SSAE 18 SOC 1 requires at a minimum can be incredibly time-consuming and operationally challenging. The best advice we can give our clients – if you don’t have documentation in place – is to let NDNB provide you with our in-depth and easy-to-use information security policy and procedure writing services.


SOC 2 Risk Assessments | Introduction and Overview Service Organizations

Per the AICPA publication Trust Services Principles and Criteria, “A risk assessment process is used to establish a risk baseline and to, at least annually, identify new or changed risks to personal information and to develop and update responses to such risks.” So does this mean that service organizations undertaking annual SOC 2 compliance assessments need to perform an annual risk assessment? Absolutely. In fact, a number of the “Common Criteria” within the Trust Services Principles and Criteria require that a documented, formalized risk assessment process be in place.

What’s the Scope for A SOC 2 Risk Assessment?

The challenge for service organizations, however, is determining what the scope of a risk assessment should be, what documentation should be used for such an exercise, and whether there are standards and guidelines to follow. Let’s take a look at all of these issues and clarify the risk assessment process once and for all for SOC 2 reporting. NDNB provides a complimentary risk assessment program to all of our valued SOC 2 audit clients.

There are many different categories of risk that you can choose to assess, such as market risk, credit risk, security risk, country risk, etc.

The key to determining which of these risks you should assess during a SOC 2 engagement depends primarily on your business process and other essential scoping parameters. Yet even with that said, most – if not all – service organizations will assess information security risks, and other applicable operational risks, two key areas relevant to the SOC 2 auditing process.


Atlanta, Georgia PCI-QSA Services, Consulting, Certification, PCI-DSS Experts | Fixed Fees

NDNB provides industry leading, fixed-fee PCI DSS consulting and assessment services for Atlanta, Georgia businesses seeking to comply with the Payment Card Industry Data Security Standard (PCI DSS). With proven cybersecurity auditors that have years of real-world experience, NDNB is Georgia’s preferred choice for PCI DSS compliance.

Atlanta is one of the largest centers of commerce in North America, with companies moving to the metro area almost daily, creating immense opportunities for jobs seekers and for companies looking to call the Peach State home. What also comes along with huge growth are massive regulatory compliance requirements – specifically, the PCI DSS standards – so turn to the experts today at NDNB for proven services and fixed-fee pricing.

NDNB is Atlanta’s premier compliance firm when it comes to the almost endless list of regulations and industry mandates businesses have to comply with. Call and speak directly with a PCI-QSA today at 1-800-277-5415, ext. 705.

What We Offer Atlanta Businesses for PCI DSS Compliance

1. Scoping & Readiness Assessments: A PCI DSS scoping & readiness assessment is essential for Atlanta, Georgia businesses new to the PCI DSS mandates, as critical initiatives – such as scoping, assessing internal controls, developing a roadmap & plan of action for remediation, and more – must be performed before any type of certification process even begins.

The mandates put forth by the Payment Card Industry Data Security Standard (PCI DSS) can be incredibly challenging, complex, and time-consuming, so it’s important to perform an upfront scoping & readiness assessment prior to your PCI certification efforts.

It doesn’t have to be done annually, but it’s highly recommended to perform this activity for any business new to the PCI DSS reporting mandates. Having a clear plan of action and knowing what the roadmap ahead is in terms of PCI DSS compliance are the true benefits of a scoping & readiness assessment, so call and speak directly with a PCI-QSA today at 1-800-277-5415, ext. 705.

2. Remediation Services: The vast majority of Atlanta merchants and service providers seeking to become compliant with the Payment Card Industry Data Security Standard (PCI DSS) will ultimately require some form of remediation. From missing policies and procedures to incorrectly configured system settings, remediation is an essential component of PCI compliance.

NDNB provides comprehensive remediation assistance, from providing policy templates to policy writing services, technical implementation solutions, and much more. There’s simply no reason to “go it alone” when it comes to correcting internal control deficiencies related to PCI compliance – talk to the experts at NDNB today.

3. Policies and Procedures Writing: High on the list of remediation is often policies and procedures, which can become an incredibly time-consuming and arduous process, but thanks to our industry leading security policy templates, we’ve got you covered with two great options. First, you can simply obtain our policy and procedure templates – which have been written by our very own PCI-QSA – and customize them yourself, ultimately saving thousands of dollars and hundreds of hours.

Second, you can hire NDNB to author the policies for you – a service we’ve been providing since 2009 to our clients all throughout North America – also a great option that saves a tremendous amount of time.

4. Technical Remediation: Remember that the Payment Card Industry Data Security Standard (PCI DSS) is a rather technical certification process, one that includes numerous I.T. mandates. Because of this, both merchants and service providers will often find themselves implementing a number of technical remediation activities, ranging from changing firewall configurations to implementing File Integrity Monitoring, and much more.
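As an added illustration of the File Integrity Monitoring item above (this is example code written for this page, not NDNB’s tooling or a PCI-mandated implementation), the script below baselines a directory by hashing every regular file, then re-scans and reports added, removed and modified files. The directory layout and file contents are constructed inside a temporary folder so it runs offline; the change detection on unauthorized config edits is the part a practitioner would want to see.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Minimal file-integrity-monitoring (FIM) baseline/compare, added here as an
# illustration of the technical control mentioned above. It is NOT NDNB's
# tooling. A production FIM would persist the baseline off-host (or sign it),
# track ownership/permissions as well as content, run on a schedule or via
# inotify, and route alerts to someone who reviews them.

def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to hash and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
    )
    return {"added": added, "removed": removed, "modified": modified}

def demo() -> dict:
    """Constructed scenario: baseline a fake config tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "firewall").mkdir()
        (root / "firewall" / "rules.conf").write_text("allow tcp 443\n")
        (root / "sshd_config").write_text("PermitRootLogin no\n")

        # Persist the baseline as JSON, which is what you would store off-host.
        baseline_json = json.dumps(build_baseline(root), indent=2, sort_keys=True)

        # Simulated unauthorized change, new file, and deletion (constructed).
        (root / "firewall" / "rules.conf").write_text("allow tcp 443\nallow tcp 23\n")
        (root / "authorized_keys").write_text("ssh-ed25519 AAAAC3 attacker@example\n")
        (root / "sshd_config").unlink()

        current = build_baseline(root)
        return compare(json.loads(baseline_json), current)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison is keyed on content hashes rather than modification times, since timestamps are trivially forged; the baseline must itself be protected (stored off-host or signed), or an attacker who can modify the monitored files can simply re-baseline.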


SSAE 18 SOC 1 Introduction and Overview for Washington DC Metro, Maryland, and Northern Virginia Businesses

NDNB is a leading provider of SSAE 18 SOC 1 assessments for Washington DC, Maryland, and Northern Virginia service organizations. With fixed-fee pricing and years of experience in regulatory compliance, we offer highly efficient audit services that save businesses both time and money. The DC metro area is arguably now the biggest I.T. region in North America – surpassing even coveted Silicon Valley in various metrics – which ultimately means big and looming regulatory compliance mandates are just around the corner for thousands of businesses.

From Northern Virginia to Annapolis, we’re a Household Name

Looking for a firm with true roots in the DC Metro region? Then look no further than the professionals at NDNB, as many of our founding partners not only call the area home, they have also spent decades raising their families and building their careers here. The Washington, D.C. metropolitan area is a fascinating, complex and lively region, offering incredible opportunities for all walks of life, and it’s one reason the region is still experiencing massive growth.

As such, NDNB has positioned itself as a hometown service provider of regulatory compliance services, offering fixed-fee assessments for many of today’s challenging and demanding rulings and regulations. Getting ready, prepared, and successfully executing on today’s complex and time-consuming compliance mandates requires expert knowledge and audit “know-how” – traits that NDNB exhibits with each of our clients.

What DC Metro Businesses Need to Know for SSAE 18 SOC 1

We’ve put together the following detailed and comprehensive SSAE 18 SOC 1 introduction and overview for Washington DC, Maryland, and Northern Virginia businesses to help them gain a greater understanding of one of today’s most demanding compliance mandates. SOC 1 compliance is here to stay, so it’s important to gain a strong technical understanding of all the relevant aspects of the AICPA System and Organization Controls (SOC) framework.


SOC 2 Remediation Services for California Businesses

NDNB offers a wide variety of SOC 2 compliance services for California businesses, including notable SOC 2 remediation services ranging from policy and procedure writing to technical implementation and correction of internal controls. NDNB has been California’s leading compliance provider for years, so turn to the experts who offer the following SOC 2 remediation services.


1. InfoSec Policy Documentation: Information security policies and procedures form a large element of SOC 2 compliance, as each of the respective “Common Criteria” provisions within the Trust Services Criteria (TSC) essentially calls for documentation. Developing all necessary policies and procedures can be an incredibly time-consuming and challenging endeavor, and it’s why NDNB offers such services. We also provide all of our California clients with complimentary documentation templates if they would like to develop the policies themselves. It’s just another example of what separates NDNB from the “other guys”.


AICPA Trust Services Principle and Criteria (TSP) – Introduction for SOC 2 Audits

The AICPA Trust Services Principles and Criteria (TSP) are essentially control criteria established by the Assurance Services Executive Committee (ASEC), and consist of Security, Availability, Processing Integrity, Confidentiality, and Privacy. Furthermore, such control criteria are used for attestation or consulting engagements for evaluating and reporting on controls over the security, availability, processing integrity, confidentiality, or privacy over information and systems (a) across an entire entity; (b) at a subsidiary, division, or operating unit level; (c) within a function relevant to the entity's operational, reporting, or compliance objectives; or (d) for a particular type of information used by the entity.

There are Five Trust Services Principles (TSP)

The Trust Services Principles and Criteria (TSP), known in the current Trust Services Criteria as the five trust services categories, comprise the following:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

Security (the “Common Criteria”) is included in every SOC 2 report; the other four are added to scope only where they are relevant to the services provided and the commitments made to customers.
Since 2006, NDNB has been setting the standard for security & compliance regulations