Security & Compliance Blog


SSAE 18 SOC 1 Introduction for Manhattan, New York City, New Jersey, Long Island, Connecticut, and Philadelphia Businesses

Auditing Expertise for PA, NJ, NY, and CT Businesses

Businesses all throughout Manhattan, New York City, New Jersey, Long Island, Connecticut, and Philadelphia can now gain a comprehensive and in-depth introduction and overview of SSAE 18 SOC 1 audits, courtesy of NDNB, one of North America’s leading providers of regulatory compliance services and solutions.

SSAE 18 SOC 1 Overview for Tri-State Area Businesses

Here’s what you need to know about SSAE 18 SOC 1 audits and how they differ from their well-known sibling – the SOC 2 audit framework – which is being adopted by a large number of technology-driven service organizations.

SOC Framework: There are three (3) reporting options under the AICPA Service Organization Control (SOC) platform – SOC 1, SOC 2, and SOC 3. While SOC 1 uses the well-known SSAE 18 standard for performing SOC 1 audits, SOC 2 and SOC 3 use a much lesser-known standard called AT 101. For clarity, just remember that SSAE 18 SOC 1 reporting is an assessment generally conducted on service organizations offering services to clients that can impact financial reporting for such clients.

As for SOC 2, think data centers, cloud service providers, and other technology organizations – they’re prime candidates for this type of assessment. To learn more, call Christopher Nickell at 1-800-277-5415, ext. 706 today.

ICFR Concept: Here’s where things get a little technical in terms of illustrating more of the differences between SOC 1 and SOC 2. SOC 1 audits, as just stated, are generally performed on service organizations that perform services that can impact their clients’ financial reporting – a concept known as “Internal Controls over Financial Reporting”, or simply ICFR. So, ask yourself this – “Do we perform any such services that are financial in nature?” If so, you should be conducting SSAE 18 SOC 1 assessments. Some businesses still seem to be assessing against the SSAE 18 standard for SOC 1 reporting without having a real or credible relationship with the ICFR concept; for them, the better-fitting assessment is SOC 2 reporting.

Scope Considerations and Control Objectives: It’s important to understand, assess – and ultimately confirm – the specific auditing & scoping boundaries for SSAE 18 SOC 1 and SOC 2 assessments, and for a number of obvious reasons. First, audits seem to always have a tendency to grow in terms of scope and costs – and without clearly defined boundaries – that’s exactly what will happen. Talk to your clients, prospects, and the CPA firm performing the SSAE 18 SOC 1 audit and gain a greater understanding of exactly what should be included in the scope of the report. Once this has been accomplished, other pieces of the scoping puzzle should fall into place, such as systems in scope, personnel involved, facilities to visit, etc.

SSAE 18 SOC 1 or SOC 2 Reporting? SOC 1 vs. SOC 2 seems to be a hot topic, and for good reason, as service organizations often find themselves having to choose between either SSAE 18 SOC 1 compliance or performing SOC 2 assessments. While your clients ultimately will politely “inform” you of which assessment they prefer, it’s important to know the differences between the two. SSAE 18 SOC 1 assessments are geared towards service organizations that perform services that could impact their clients’ financial reporting – a concept known as “ICFR”.

While the SSAE 16 (and now, SSAE 18) SOC 1 standard shot out of the gate quickly and became the de facto assessment that replaced the aging and misused SAS 70 auditing standard, SOC 2 has caught up, and in many industries and sectors, is now the go-to assessment process, particularly for technology businesses. From data centers to cloud computing – and more – SOC 2 compliance is the favored assessment.

Documentation is Absolutely Critical: Policies and procedures are an incredibly large element of regulatory compliance – and that’s especially true with SSAE 18 SOC 1 and SOC 2 compliance – and it’s why NDNB offers complimentary policy templates to clients for helping them conquer the necessary documentation mandates. While SSAE 18 SOC 1 may be looked upon as an assessment dealing with financial controls, there’s still a tremendous amount of technology embedded in such an audit because many of the processes supporting the financial controls are I.T. related. Service organizations often find that remediation concerning policies and procedures is without question the most demanding and time-consuming aspect of the entire audit process!

After all, who wants to spend endless hours authoring a comprehensive set of information security documents? Not you – so do what other companies do and rely on NDNB’s information security policy writing services. Service organizations all throughout Manhattan, New York City, New Jersey, Long Island, Connecticut, and Philadelphia finally have a proven source for offering a complete life cycle of compliance services for SOC 2 audits. From readiness assessments and remediation services to SOC 2 Type 1 and SOC 2 Type 2 services, NDNB is the unquestioned leader. To learn more, call Christopher Nickell at 1-800-277-5415, ext. 706 today.

Service Organization Requirements: Your duties as a service organization undergoing SSAE 18 SOC 1 compliance are the following: (1) Provide clarity to the auditors on everything they’re requesting and asking. (2) Produce all necessary audit deliverables for the assessment, such as policy documents and screenshots, and assist with physical inspection of facilities, and more. (3) Keep management abreast of the current audit status and how the business is performing in terms of compliance.

Additionally, you also have a responsibility to assist in all relevant aspects of the audit with the auditors. Specifically, you’ll be asked for numerous deliverables – screenshots, signed memos, system settings & configuration documents, and more – thus it’s your duty to comply and be helpful on all fronts. The success of your audit is highly dependent upon your input and cooperation with the CPA firm performing the SSAE 18 SOC 1 assessment, so please keep this in mind.

Why NDNB? Because we’re one of North America’s leading providers of high-quality regulatory compliance services, offering a wide array of audit services, ranging from SSAE 18 SOC 1 compliance to SOC 2, SOC 3, PCI DSS, HIPAA, GLBA, and much more. Additionally, we offer fixed-fee pricing for all our services, along with a laundry list of supporting tools and solutions for helping enable rapid and complete compliance with today’s demanding regulations. From scoping & readiness assessments to issuing formalized audit findings & reports, we’re the firm to talk to.

Industry Leading Auditors for the Tri-State Area – Let’s Talk

NDNB offers high-quality, fixed-fee SOC 2 assessments, along with additional supporting services and solutions, such as readiness assessments, policy and procedures writing services, and so much more, so talk to the experts by calling Christopher Nickell at 1-800-277-5415, ext. 706 today. When it comes to regulatory compliance needs for Manhattan, New York City, New Jersey, Long Island, Connecticut, and Philadelphia businesses, contact the experts at NDNB today.
