Security & Compliance Blog


SOC 2 Compliance Audits Atlanta, GA – 9 Steps for Auditing Success

SOC 2 compliance audits for Atlanta, Georgia service organizations are often a necessity in today’s world of growing regulatory compliance, so turn to the auditing professionals at NDNB. We’ve issued hundreds of SOC 2 reports since the AICPA launched the System and Organization Controls (SOC) framework in 2011, so call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at cnickell@ndbcpa.com to learn more today.

We’re Georgia’s Compliance Leaders – Let’s Talk

It’s no secret that regulatory compliance is alive and well throughout North America, and definitely in Atlanta, Georgia, due to the tremendous growth of information technology in the Southeast. Georgia is without question one of the leading centers for commerce in the United States, and what’s not to love about our business climate: a diverse mixture of companies, great access to transportation and resources, and so much more.

Yet with all the advantages Atlanta offers businesses, keep in mind that big compliance mandates come along with organizational success. The more you grow, the more RFPs you’re answering and winning, but growth also means that compliance audits (SOC 1, SOC 2, PCI DSS, HIPAA, and others) become a strict mandate. We can help, as Atlanta is our home, and we offer extensive compliance services and solutions to Georgia businesses.

NDNB – Atlanta’s SOC 2 Compliance Leaders – Fixed Fees

NDNB provides competitively priced, fixed fee SOC 2 compliance audits for Atlanta, GA businesses in any industry, from agriculture to information technology. Our assessment activities are efficient, scalable, and high-quality. Additionally, NDNB offers numerous supporting tools and documentation, such as our SOC 2 Policy Packet, which greatly assists in developing all mandated security policies for SOC 2 compliance.


We’ve been one of Georgia’s leading providers of regulatory compliance services for years, starting with the now retired SAS 70 auditing standard and today offering comprehensive audits in accordance with the AICPA System and Organization Controls (SOC) reporting standards. Along the way, we’ve built an efficient, scalable, and cost-effective roadmap for helping Atlanta businesses become SOC 1, SOC 2, and SOC 3 compliant.

SOC 2 Compliance Roadmap – 9 Essential Steps for Auditing Success

1. Get Ready: Getting ready for a SOC 2 compliance audit means understanding your environment and the gaps, deficiencies, and challenges in front of you. A comprehensive SOC 2 readiness assessment is therefore highly recommended: it prepares everyone for the audit itself and ensures that all critical issues have been assessed and have remediation plans in place.

2. Define the Business Process and Scope: Scope ultimately determines the duration, complexity, and hours spent on an audit, so the essential items must be assessed before the audit actually begins, which is another reason a SOC 2 readiness assessment is recommended. It identifies the specific business functions to be included in the audit and the gaps and deficiencies in your control environment, and it builds a true working relationship with your auditor. If you’re a service organization new to SOC 2 compliance, a readiness assessment is a must.

3. Avoid Scope Creep: Keep something very important in mind: you’ll want to ensure that the dreaded “scope creep” never enters the equation for your SOC 2 audit. Unfortunately it often does, usually because the audit wasn’t properly planned or prioritized. Knowing which systems, personnel, business functions, and physical locations are in scope goes a long way toward completing a SOC 2 assessment on time and within your budget. Trust us on this one!

4. Have an Asset Inventory Ready: Do you have a complete listing of all your information systems, an asset inventory that records the name, hostname, location, purpose, applicable IP addresses, and more for each system? If not, it’s time to put one together, for two main reasons. First, auditors use it to determine the population and select samples for a SOC 2 assessment; second, keeping an updated listing of your systems is simply good practice. Remember, you can’t protect what you don’t know you have.

5. Pick the Applicable Trust Services Criteria: The AICPA Trust Services Criteria (TSC, formerly known as the Trust Services Principles) form one of the most essential elements of SOC 2 reporting. They cover five categories: security, availability, processing integrity, confidentiality, and privacy. The security criteria, known as the “common criteria” (the CC series), are required in every SOC 2 report; each of the other four categories adds its own criteria on top of the common criteria and is included only when you select it.

Which of the other categories to include depends on a number of factors, such as client requests, contractual commitments, internal mandates, and other essential elements. Talk to NDNB today to learn more about the AICPA Trust Services Criteria.

6. Get Ready to Remediate: The overall success of a SOC 2 compliance audit depends heavily on remediating all weaknesses found during the readiness assessment, which means putting in place all necessary policies and procedures, and more. In fact, policy documentation is generally the most demanding and time-consuming aspect of SOC 2 compliance.

Luckily, NDNB offers a large library of policy templates to help ensure a successful SOC 2 audit process from day one. It’s the NDNB difference, so call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him today at cnickell@ndbcpa.com.

7. More Remediation: Another area of remediation is making changes to information systems, specifically configuration changes to system settings, such as stronger password requirements, tighter firewall filtering rules, enhanced monitoring, and more. Look upon remediation as both operational, in that policies must be developed, and technical, in that configuration enhancements must be undertaken to ensure the confidentiality, integrity, and availability (CIA) of critical organizational assets. With NDNB’s proven process for SOC 2 compliance, remediation becomes an efficient process rather than a laborious and time-consuming effort.

8. Collecting Audit Evidence: NDNB has a highly efficient evidence collection process, one that minimizes business interruption by using secure web-based tools such as our client portal. The old days of auditors spending weeks at a client’s site, asking questions and taking up valuable time, are long gone; it’s about efficiency, and that’s what NDNB is very good at. From screenshots to policies and procedures, there’s quite a bit of audit evidence to collect for a SOC 2 assessment, but we make it easy.

9. Writing the Report: The actual SOC 2 deliverable is the service auditor’s report, which contains the auditor’s opinion, management’s written assertion, a description of the service organization’s system, and, for a Type 2 report, the auditor’s tests of controls and their results over the review period (a Type 1 report covers the design of controls as of a single date). Lastly, remember that there is no such thing as SOC 2 “certification” or being SOC 2 “certified”: a SOC 2 report is an attestation report issued by a CPA firm, not a certificate.

Call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him today at cnickell@ndbcpa.com to learn more about NDNB’s SOC 2 services for Atlanta, Georgia businesses.

SOC 2 Compliance Audits Atlanta, GA – Fixed Fees

The Atlanta, GA metro area is one of the fastest growing tech areas in the entire country – and for good reason – as our city offers great weather, low cost of living, and many other amenities. With an ever-changing regulatory compliance landscape, one that continues to promote stricter security rules and guidelines, the time is now for reaching out to Georgia’s premier SOC 2 compliance firm, and that’s NDNB.

We also offer a broad range of regulatory compliance services, such as SOC 1, HIPAA, FISMA, and much more, so contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him today at cnickell@ndbcpa.com.

NDNB also offers complimentary advisory services for helping you properly plan and prepare for your SOC 2 audit. It’s just one of the many differentiators that sets us apart from other CPA firms. We’re much more than just auditors, we’re proven and trusted compliance experts ready to help Georgia businesses succeed in today’s competitive landscape.

Since 2006, NDNB has been setting the standard for security & compliance regulations