If you’re a California business just entering the world of regulatory compliance, here’s what you need to know about SSAE 18 SOC 1 compliance, courtesy of NDNB, the Golden State’s leading provider of fixed-fee regulatory services and solutions:

1. Begin with a SSAE 18 SOC 1 Scoping & Readiness Assessment. Want to gain a true understanding and working knowledge of SSAE 18 audits, then perform an upfront SOC 1 scoping & readiness assessment – a pre-audit exercise that effectively identifies audit scope boundaries, areas of remediation, personnel needs, and other relevant factors. One of the biggest challenges that California businesses face with regulatory compliance is “scope creep”; an audit that’s simply grown too large, too complex, and costly.

You need to determine at the onset what are the true boundaries of the audit – and when that’s successfully done – you’re off to a great start! But it’s also about assessing and identifying critical gaps and deficiencies within your internal control environment that need to be corrected BEFORE the audit actually begins.

Hosting in Amazon AWS and Need a SOC 1 Audit? Let's Talk.

2. Expect some degree of remediation to be performed. From missing policy documents to internal controls not functioning as designed, remediation is often necessary before commencing with the SSAE 18 SOC 1 audit. Remediation can be minimal or it can be demanding in terms of time, it all just depends on the maturity of one’s internal controls, but the key in finding out just how much remediation – if any – that has to be completed is by performing the all-important SSAE 18 SOC 1 scoping & readiness assessment. Call and speak with CPA Christopher Nickell at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDNB’s fixed-fee pricing for California businesses.

3. Obtain Necessary Information Security Policies and Procedures Templates. Developing the necessary policies and supporting procedures can be a time-consuming endeavor for SSAE 18 SOC 1 compliance, thus it’s important to obtain high-quality, easy-to-use, comprehensive I.T. templates, which is what NDNB offers with our complimentary InfoSec policy packets.

The time and effort it can take to develop information security policies from scratch can be almost staggering – we’re talking dozens upon dozens of hours – so do what other California businesses have been doing, and that’s obtaining NDNB’s complimentary set of InfoSec documents that includes all necessary policies, procedures, templates and other documents for helping speed up the process for SSAE 18 SOC 1 compliance.

4. Engage in the concept of “Continuous Monitoring”. It’s one thing to have an audit successfully performed by NDNB, yet it’s another to have put in place a comprehensive monitoring program of one’s internal controls. Known more commonly as “Continuous Monitoring” – the efforts put forth for monitoring, assessing, and modifying internal controls as necessary – it’s a best practice that every business should be performing.

NDNB can help, as we offer numerous supporting forms, checklists, and other initiatives for helping craft a comprehensive, scalable, and workable “Continuous Monitoring” platform for your business. Remember, SSAE 18 SOC 1 compliance is here to stay – there’s no denying that – so what’s needed is a scalable and efficient process for monitoring one’s internal controls on a regular basis.

Long after the auditors have left, you need to put in place a program that oversees the daily operational and information security policies, procedures, and processes within your business, and NDNB can help. From SSAE 18 SOC 1 readiness assessments to SOC 1 Type 1 and Type 2 audits, we are California’s leading provider of regulatory compliance services, so contact us today to learn more. Compliance doesn’t have to be an expensive, time-consuming proposition, especially not with NDNB!

5. Know that Regulatory Compliance is here to Stay. Yes it is here to stay, and it’s not going away – ever. That means your business should fully expect to be prepared for annual SSAE 18 SOC 1 compliance audits, or any other audit that comes your way. With this in mind, you’ll want to find and anoint a true compliance “champion” within your organization, somebody who can help navigate and oversee the entire auditing process from beginning to end.

You’ll also want to ensure this individual is comfortable working with external auditors who can be quite demanding in terms of document requests. Find that champion sooner rather than later!

6. Obtain fixed-fee pricing for SSAE 18 SOC 1 audits. The SOC 1 landscape has indeed become quite competitive in terms of the number of CPA firms offering audit services, which means obtaining a fixed-fee pricing model is essential. NDNB offers California businesses fixed-fee pricing on all our compliance services – SSAE 18 SOC 1, SOC 2, SOC 3, PCI DSS, FISMA, HIPAA, GLBA, and more – so call and speak with CPA Christopher Nickell at 1-800-277-5415, ext. 706, or email at This email address is being protected from spambots. You need JavaScript enabled to view it. today.

NDNB – California’s Leading Provider of Fixed-Fee Audits & Assessments

We’re a household name in the state of California, and we’re proud to offer service organizations in the Golden State fixed-fee pricing on all of our regulatory compliance offerings. Compliance doesn’t have to break the bank and be an incredibly time-consuming and tedious affair, and it’s not with NDNB, so contact us today to learn more. We’re ready to help California businesses succeed with SSAE 18 SOC 1 compliance.