SOC 1 SSAE 18 for Energy/Utilities Marketplace

NDNB is North America’s leading provider of SOC 1 SSAE 18 audit reports for the energy/utilities marketplace. Our personnel have extensive experience auditing this industry as far back as 1997 with the original (now retired) SAS 70 auditing standard. Simply stated – we understand the internal operations of companies in the energy/utilities marketplace and can provide an incredibly efficient and comprehensive audit process from beginning to end.

SOC 1 SSAE 18 Experts for the Energy/Utilities Marketplace

The energy/utilities industry is massive, complex, featuring dozens upon dozens of different providers and business models. What does this all mean for SOC 1 SSAE 18 reporting (and possibly even SOC 2 reporting)? It means finding a firm who has the expertise in understanding this specific sector and who has had years of “in-the-trenches” auditing expertise. That firm is NDNB. Since 2005, we’ve audited dozens of businesses in the energy/utilities marketplace, from actual energy companies to providers of critical I.T. and financial services, and more.

Each client is different. Each client requires a customized SOC 1 SSAE 18 (or again, possibly even a SOC 2) audit program developed for them. This is something NDNB can do, as we’ve successfully audited dozens of companies in this space.

NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP

Hosting in Amazon AWS and Need a SOC 1 or SOC 2 Audit? Let's Talk.

aws logo

SOC 1 Audit Information You Need to Know for the Energy/Utilities Marketplace

Because every company in the energy/utilities marketplace is truly different from others, it’s important to assess each entity on the merits of their auditing and reporting requirements. With that said, take note of the following essential information:

SOC 1 SSAE 18 or SOC 2?: Good question, so here’s the best way to look at it. If you are performing any type of business processes that can impact the financial reporting of your clients, then SOC 1 SSAE 18 should be your go-to audit. If not, then SOC 1 reporting is the correct auditing mechanism. Because the energy/utilities marketplace is so large and diverse, there are sufficient reasons for companies considering both SOC 1 SSAE 18 or SOC 2 (and sometimes, even both audits)

Begin with a Scoping & Readiness Assessment: New to the world of SOC auditing? If so, then beginning with a scoping & readiness assessment is essential. Here’s what’s covered with NDNB’ process:

  • Identify, confirm and agree on auditing scope boundaries in terms of business processes to assess, personnel, physical locations, relevant third-party providers, and more.
  • Identify, confirm, and put in place a plan-of-action for remediating gaps found during the initial scoping & readiness exercise.
  • Development of project deliverables and associate milestones for the entire SOC 1 SSAE 18 – or SOC 2 – auditing process.

SOC 1 SSAE 18 and SOC 2 Policy Templates and Information Security Policies

Develop ICFR Controls, if Necessary: Again, if it’s a SOC 1 SSAE 18 report you’ve decided on, then make sure to develop – and ultimately test – for the ICFR concept. What’s ICFR – it stands for “Internal Controls Over Financial Reporting”. Companies in the energy/utilities sector that ultimately opt for SOC 1 SSAE 18 reporting do so because they are performing activities that can impact their client’s financials. Examples include billing, invoicing, and collecting of utility payments, measuring energy resources used or expended, and more.

Undertake Essential Remediation: No company has a completely perfect control environment – nobody. Because of this, you should expect some degree of remediation to take place prior to the commencement of your SOC 1 SSAE 18 – or SOC 2 – audit. From developing missing documents to enhancing security controls, expect remediation to occur. NDNB can assist, offering a wide-range of tools and resources for successfully remediating any control environment gaps. Contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

Say Hello to the Concept of “Continuous Monitoring”: Performed your SOC 1 SSAE 18 or SOC 2 audit successfully? Great, now the real work begins by ensuring you stay compliant year after year with continuous monitoring efforts of controls. Talk to NDNB about a proven process that’s efficient and cost-effective in monitoring controls for future auditing success.

NDNB is North America’s Leading Provider of SOC Audits

Looking for a well-respected CPA firm that offers fixed-fees to the energy/utilities marketplace for SOC 1 SSAE 18 and SOC 2 compliance? Then get to know NDNB and our expertise and pricing model. Contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about NDNB’s fixed-fees for SOC 1 SSAE 18 Type 1 and Type 2 reporting and SOC 2 Type 1 and Type 2 reporting.