NDNB offers a highly efficient, scalable, and workable SSAE 18 SOC 1 compliance roadmap, a lockstep process that’s been refined and fine-tuned over the years, beginning as far back as 1992 with the now historical SAS 70 auditing standard. SSAE 18 SOC 1 audits can be incredibly challenging and time-consuming – there’s no debating that – so what’s needed is a roadmap, a true understanding of what it takes to successfully undertake and complete an SSAE 18 SOC 1 assessment on time and on budget.

When it comes to SSAE 18 SOC 1 audits for businesses throughout Atlanta, along with the surrounding Southeast region – and all throughout the United States – look to the experts at NDNB.

SSAE 18 SOC 1 Roadmap to Compliance for Atlanta, Georgia Businesses

Readiness Assessment: Let’s not put the cart before the horse – as the old saying goes – when it comes to SSAE 18 SOC 1 compliance. Specifically, jumping headfirst into a SSAE 18 SOC 1 audit without proper preparation is not recommended, that’s why NDNB recommends performing a readiness assessment, especially for service organizations new to the AICPA Service Organization Control (SOC) framework. Benefits include the following: a true picture of one’s internal control environment, such as the policies, procedures, and processes that will ultimately be assessed during an SSAE 18 SOC 1 audit.

Another big component of an SSAE 18 SOC 1 scoping & readiness assessment is scope, specifically, determining what information systems are to be examined and possibly tested for compliance, what personnel are going to be involved in the audit, what physical locations are to visited and more. It’s also important to put together a comprehensive asset inventory list of all information systems, such as the following: firewalls, routers, switches, load balancer, servers, and the underlying applications running on each server.

The more information you can share and discuss, the better chances that both parties (i.e., the auditors performing the audit and the service organization undergoing the audit) have a clear understanding of the overall direction of the SSAE 18 SOC 1 assessment.

Remediation: Call it the big “R” in the world of SSAE 18 SOC 1 compliance – or any type of regulation – in today’s world. Remediation is about correcting all the gaps, deficiencies, and weaknesses identified during the actual readiness assessment. And to no surprise, policies and procedures are always at the top of the list – why – because companies loathe authoring documentation, yet it’s a critical component of SSAE 18 SOC 1 reporting. The simple solution for policies is letting NDNB author them for you, so contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

But policies are nothing more than words printed on paper if they’re not implemented and followed, and it’s why the actual procedures, processes, and practices (call it the 3 big P’s) need to be in place. This often requires changing the way things are being done, along with implementing a new corporate culture of compliance throughout the organization. It’s not an overnight process, but it’s one we have years of experience with. In short, remediation it means implementing numerous mandated SSAE 18 SOC 1 controls and other best practices for helping ensuring the safety and security of critical systems.

Audit Activities: Curious as to the activities for an SSAE 18 SOC 1 audit? It’s about providing auditors with a laundry list of documents – such as policies and procedures – to screenshots of system configurations, along with re-performance of activities and physical inspection of controls – and more. Audits can be time-consuming – no doubt about it – but NDNB offers complimentary online portals and tools for expediting all requests, ultimately making life easier for you.

The Final Report: We’re often asked what is the final deliverable for SSAE 18 SOC 1 compliance – a certificate, a report, a statement – or something else? The final deliverable is a Service Auditor’s Report, one that includes an opinion letter, a description of the service organization’s system, the written assertion by management, and audit results (assessment and possible testing procedures). Moreover, a final SSAE 18 SOC 2 Service Auditor’s Report can be as “short” as 30 pages or even as long as 100 + or more, just depending on many circumstances, such as audit scope, etc.

NDNB – Atlanta’s Leading Provider of Fixed-Fee SOC Audits

NDNB has been providing high-quality, fixed-fee pricing to Atlanta, Georgia metro businesses for more than a decade now, and we’re ready to help your business do battle with today’s ever-growing and complex regulatory compliance mandates. Growing your business is about making money – not spending untold sums on costly audits – we get it – so call and speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDNB’s SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, FISMA, GLBA – and more – services.