SOC 2 Type 1 certification audits are offered from NDNB, North America’s leading provider of high-quality, competitively prices System and Organization Controls (SOC) assessments. Additionally, SOC 2 Type 1 certification audits performed by NDNB also come complete with a complimentary SOC 2 Policy Packet containing hundreds of pages of critical information security and operational specific policies, procedures, and much more.

We provide a complimentary SOC 2 Policy Packet for each our clients! Please note that while the term “SOC 2 certification” is well-known and used, it is actually an incorrect statement as no certification is provided. Rather, a SOC 2 audit is an assessment conducted in accordance with stated AICPA standards, such as the Trust Services Criteria, one that results in the issuance of a SOC 2 report, complete with an attestation.

Here’s what you need to know about SOC 2 Type 1 audits, courtesy of NDNB, North America’s leading provider of SSAE 18 SOC 1 and SOC 2 assessments:

1. SOC 2 Type 1 Audits are a Starting Point: Call it the essential stepping stone process for SOC 2 compliance whereby companies new to internal control audits begin with a SOC 2 Type 1, then subsequently “graduate” and move on to annual SOC 2 Type 2 assessments in future periods. A SOC 2 Type 1 also helps lay the fundamental groundwork for policies, procedures, and processes that will ultimately be assessed during the SOC 2 Type 2 test period.

SOC 2 Type 1 certification audits are offered from NDNB, North America’s leading provider of high-quality, competitively prices System and Organization Controls (SOC) assessments. Additionally, SOC 2 Type 1 certification audits performed by NDNB also come complete with a complimentary SOC 2 Policy Packet containing hundreds of pages of critical information security and operational specific policies, procedures, and much more.

We provide a complimentary SOC 2 Policy Packet for each our clients! Please note that while the term “SOC 2 certification” is well-known and used, it is actually an incorrect statement as no certification is provided. Rather, a SOC 2 audit is an assessment conducted in accordance with stated AICPA standards, such as the Trust Services Criteria, one that results in the issuance of a SOC 2 report, complete with an attestation.

Here’s what you need to know about SOC 2 Type 1 audits, courtesy of NDNB, North America’s leading provider of SSAE 18 SOC 1 and SOC 2 assessments:

1. SOC 2 Type 1 Audits are a Starting Point: Call it the essential stepping stone process for SOC 2 compliance whereby companies new to internal control audits begin with a SOC 2 Type 1, then subsequently “graduate” and move on to annual SOC 2 Type 2 assessments in future periods. A SOC 2 Type 1 also helps lay the fundamental groundwork for policies, procedures, and processes that will ultimately be assessed during the SOC 2 Type 2 test period.

Remember that a SOC 2 Type 1 audit is simply an audit for a specific point in time, such as August 27 20xx, whereas a SOC 2 Type 2 audit report covers an actual test period – generally six (6) months, or more – such as January 1, 20xx to June 30, 20xx. They are quite different in terms of workload and deliverables, so keep this in mind.

2. A SOC 2 Readiness Assessment is Essential: Walking straight into a SOC 2 Type 1 or Type 2 assessment with hardly any preparation or due-diligence is a potential recipe for disaster, and here’s why. You’ll want to clearly assess audit scope boundaries, while also determining what gaps and deficiencies exist within your internal control environment. From what systems will be assessed, what personal will be involved, and what remediation items were found – a SOC 2 readiness assessment is absolutely vital.

3. Remediation is a Must: Almost every business performing a SOC 2 assessment will have some type of remediation to perform – how much depends upon the overall maturity of one’s control environment – and it’s why NDNB offers comprehensive solutions for helping businesses remediate critical control issues. From policies and procedures to technical configuration changes – and more – NDNB can assist with any and all remediation issues.

Some businesses exhibit a very mature control environment, ultimately requiring minimal remediation activities, but the vast majority of service organizations we work with do require moderate to meaningful remediation initiatives – with information security policies and procedures always high on the list. Companies simply lack the manpower for documenting internal controls and processes, and it’s why NDNB offers a complimentary SOC 2 Policy Packet containing dozens of policy templates for helping ensure rapid SOC 2 compliance.

4. Policies and Procedures are Critical: Documentation – specifically, information security policies and procedures – is without question one of the most demanding, grueling, and time-consuming aspects of SOC 2 compliance. Why? Because many of the “Common Criteria” provisions contained within the Trust Services Criteria (TSP) essentially require policy documentation to be in place – it’s just that simple. Think change management, data backup & recovery, incident response, access control, and others – they’re all essential security domains that reputable auditors assess during a SOC 2 audit.

5. Compliance is here to stay: There’s no such thing as “one and done” in the world of regulatory compliance, particularly when it comes to SOC 2 compliance. In fact, most service organizations are well aware of the fact that they’ll be performing SOC 2 audits every year, so doesn’t it just make sense to build a strong, healthy working relationship with a single CPA firm who can guide you through the process for years? It does, and that firm is NDNB, a nationally recognized IR CPA firm that provided fixed-fees and high-quality audit services. Call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

6. Why Consider NDNB: Because for more than a decade we’ve been a proven, trusted provider of numerous regulatory compliance services all throughout North America and the world. From SOC 1, SOC 2, and PCI DSS compliance to HIPAA, FISMA, GLBA assessments – and more – NDNB is the name to know. We also offer numerous supporting services for all of our assessments – such as policy and procedure writing, gap analysis findings, and more – so call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

Hosting in Amazon AWS and Need a SOC 1 or SOC 2 Audit? Let's Talk.

7. What Next? Contact us today so we can better asses your SOC 2 needs, which should begin by performing a comprehensive, yet brief, and cost-effective SOC 2 scoping & readiness assessment by industry leading professionals. Want a true, unbiased understanding of your internal control environment and what steps need to be taken for correcting all gaps and deficiencies, then let’s talk. From our SOC 2 Policy Packet containing dozens of essential policies and procedures to other helpful services, we can get you on the right track for regulatory compliance – after all – we’ve been helping companies all throughout North America with today’s demanding compliance laws and regulations.

• SOC 2 Type 1 certification is performed for an “as of” date, as opposed to SOC 2 Type 2 audits, which are assessments conducted over a stated time period.
• SOC 2 Type 1 certification is a great stepping stone towards SOC 2 Type 2 audits.
• SOC 2 Type 1 certification is vastly different from SOC 1 Type 1 assessments.
• SOC 2 Type 1 certification is geared towards many of today’s technology driven service organizations.
• Receive a complimentary SOC 2 Policy Packet from NDNB!

Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it., and receive a competitively priced fixed fee for SOC 2 Type 1 certification today.