Security & Compliance Blog

Stay informed on changing compliance regulations


SSAE 18 SOC 1 Introduction and Overview for Washington DC Metro, Maryland, and Northern Virginia Businesses

NDNB is a leading provider of SSAE 18 SOC 1 assessments for Washington DC, Maryland, and Northern Virginia service organizations. With fixed-fee pricing and years of experience in regulatory compliance, we offer highly efficient audit services that save businesses both time and money. The DC metro area is arguably now the biggest I.T. region in North America – surpassing even coveted Silicon Valley in various metrics – which ultimately means big and looming regulatory compliance mandates are just around the corner for thousands of businesses.

From Northern Virginia to Annapolis, we’re a Household Name

Looking for a firm with true roots in the DC Metro region? Then look no further than the professionals at NDNB. Many of our founding partners not only call the area home, they have also spent decades raising their families and starting their careers here. The Washington, D.C. metropolitan area is a fascinating, complex and lively region, offering incredible opportunities for all walks of life, and it’s one reason the region is still experiencing massive growth.

As such, NDNB has positioned itself as a hometown service provider of regulatory compliance services, offering fixed-fee assessments for many of today’s challenging and demanding rulings and regulations. Preparing for and successfully executing on today’s complex and time-consuming compliance mandates requires expert knowledge and audit “know-how” – traits that NDNB exhibits with each of our clients.

What DC Metro Businesses Need to Know for SSAE 18 SOC 1

We’ve put together the following detailed and comprehensive SSAE 18 SOC 1 introduction and overview to help Washington DC, Maryland, and Northern Virginia businesses gain a greater understanding of one of today’s most demanding compliance mandates. SOC 1 compliance is here to stay, so it’s important to gain a strong technical understanding of all the relevant aspects of the AICPA Service Organization Control (SOC) framework.

Learn about the SOC Framework: For audit reporting periods on or after June 15, 2011, the business world was given the American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC) reporting framework, consisting of SOC 1, SOC 2, and SOC 3 reporting. Gone was the one-size-fits-all, much maligned and misused SAS 70 auditing standard, making way for three (3) new viable options for reporting on a service organization’s internal control environment. Fast forward from 2011 and you now see SOC reports being issued on businesses all throughout the globe.

Understand the ICFR Concept: What’s ICFR? It stands for “Internal Controls over Financial Reporting”, a concept that’s deeply embedded in the philosophy of SSAE 18 SOC 1 auditing. Specifically, if a service organization is conducting activities for its clients, and such actions have the ability to impact the actual client’s financial reporting, then the ICFR platform should be assessed and examined for purposes of SSAE 18 SOC 1 auditing.

This means developing, examining and testing (for an SSAE 18 SOC 1 Type 2 audit) control objectives in relation to ICFR, which a well-qualified CPA firm, such as NDNB, can provide. Call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to learn more about SSAE 18 SOC 1 and ICFR.

Be Prepared to Provide Audit Evidence: Auditing means collecting comprehensive material from the service organization, such as policies and other supporting documents, along with critical evidence from information systems. This can be a time-consuming process if you are new to SSAE 18 SOC 1 auditing – or if you’re working with an inexperienced firm – and it’s why NDNB has a proven, lockstep process that’s efficient, comprehensive, and easy to follow. Time is money for everyone – no question about it – and NDNB has perfected the auditing process over the years, resulting in minimal business impact to an organization.

Develop all Necessary Policies and Procedures: Did you know that probably the most time-consuming and laborious part of becoming SSAE 18 SOC 1 compliant is developing all mandated information security and operational policies and procedures? That’s right, documentation can eat up quite a bit of time. Thankfully, NDNB provides all of our Washington DC, Maryland, and Northern Virginia clients with an in-depth set of information security policies, procedures, and templates, along with critical security provisioning and hardening documents, ultimately saving businesses thousands of dollars on regulatory compliance costs regarding SSAE 18 SOC 1.

Understand the Importance of Remediation: Call it what you want – we call it the big “R” – it’s something every company must undertake during an SSAE 18 SOC 1 assessment. Why? Because every company – and we mean every – always has a policy, process, or procedure that can be improved upon. Some companies have to spend a tremendous amount of time on remediation, while others don’t; it just depends on the outcome of one’s SSAE 18 SOC 1 readiness assessment.

Description of the System and Management Assertion: SSAE 18 SOC 1 compliance requires management of the service organization to develop and provide both a description of one’s “system” and a written statement of assertion. The description of a “system” is effectively a comprehensive narrative discussing organizational policies, procedures, and processes as they relate to the scope of the audit itself. As for the written assertion by management, the service organization must provide it to the auditors, and it attests to a number of auditing clauses.

DC Metro’s Leading Provider of Fixed-Fee Regulatory Compliance Services

Regulatory compliance is all about the 3 P’s – policies, procedures, and processes – which all need to be documented, formalized, and assessed on an annual basis to ensure your organization’s long-term compliance needs are met. We can help, so contact us today to learn more about NDNB’s services for Washington DC, Maryland, and Northern Virginia businesses.

NDNB is one of the nation’s premier providers of SSAE 18 SOC 1 compliance – including SOC 2, SOC 3, HIPAA, PCI DSS, FISMA, NIST, and more – so let’s talk about our proven, fixed-fee methodology. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, today.

Since 2006, NDNB has been setting the standard for security & compliance regulations