Security & Compliance Blog


SOC 1 SSAE 18 Readiness Assessment from NDB - Fixed Fees

Need to perform a SOC 1 SSAE 18 audit, but not sure where to begin? The very best – and first – place to start the audit process is with a SOC 1 SSAE 18 Scoping & Readiness Assessment. When performed correctly – by a competent CPA firm – the benefits are tremendous, indeed. NDB offers fixed-fee audits and includes an upfront SOC 1 SSAE 18 Scoping & Readiness Assessment as part of the overall auditing lifecycle.

Benefits of a SOC 1 SSAE 18 Scoping & Readiness Assessment

Determine actual Scope of the Audit: The very first – and most important – issue when embarking upon SOC 1 SSAE 18 compliance is determining the actual scope of the audit. Specifically, what’s the business process in scope? Remember that it’s important to understand how your services impact financial reporting for clients, a concept known as internal control over financial reporting (ICFR).

After all, the core reason why a SOC 1 SSAE 18 audit is being performed – and not a SOC 2 audit – is because there’s a direct financial implication involved with your clients. Simply stated, how do you affect your client’s financial reporting? Bottom line – get to the heart of the issue regarding ICFR. A highly competent CPA firm, such as NDB, can help with this very important issue. To learn more, contact Christopher Nickel, CPA, at 1-800-277-5415, ext. 706, today. NDB offers a wide range of regulatory compliance services and solutions for businesses all throughout North America and Europe.

Identify gaps and areas of remediation: Almost every service organization undertaking SOC 1 SSAE 18 compliance will have some type of meaningful remediation to perform; that’s just the reality of auditing. From missing information security policies and procedures to poorly configured IT systems, it’s important to determine such gaps – and then put in place a plan of action for correcting them. A SOC 1 SSAE 18 Scoping & Readiness Assessment identifies all these issues, and more.

Determine personnel and physical locations: There’s definitely going to be people involved and places to visit – after all – that’s what makes an audit an audit (yes, even in the world of COVID-19). It’s therefore important to scope out this issue with the CPA firm you’ve chosen to perform the SOC 1 SSAE 18 assessment.

Assess third-party vendor scope: Today, more than ever, third-party vendors are playing a critical role when it comes to SOC 1 SSAE 18 audits. Why? Because these very vendors are performing a function that’s considered critical to your operations. Because of this, they are brought into the scope of the actual audit, and MUST be assessed for compliance.

Turn to NDB for SOC 1 SSAE 18 Remediation

Information Security Policy and Procedure Writing Services: A very large – and growing – part of SOC 1 SSAE 18 compliance is documentation, and it’s why NDB offers comprehensive policy writing services for our clients. Developing high-quality, comprehensive SSAE 18 SOC 1 minimum required policies and procedures can be incredibly time-consuming and operationally challenging. The best advice we can give our clients – if you don’t have documentation in place – is to let NDB provide you with our in-depth and easy-to-use information security policy and procedures writing services.

Technical/Security Remediation: While developing information security policies and procedures is a critical component for ensuring a successful SOC 1 SSAE 18 assessment, so is the ability to properly configure all in-scope systems with necessary security settings. For example, technical/security remediation means putting in place strong firewall rules, adequately hardened servers, comprehensive password complexity rules, and more – all the essential foundational best practices within the broader context of information security.

Operational Remediation: Have you performed a risk assessment, tested your incident response plan, or trained your employees on security issues? These are just a few examples of what NDB calls “operational” areas that require remediation for a successful SOC 1 SSAE 18 audit.

We are North America’s SOC 1 and SOC 2 Auditing Experts

NDB offers fixed fees, superior service, and that’s just for starters! We’re much more than just an auditing firm; we’re a trusted partner for anything related to regulatory compliance. To learn more, contact Christopher Nickel, CPA, at 1-800-277-5415, ext. 706, today. NDB offers a wide range of regulatory compliance services and solutions for businesses all throughout North America and Europe.
