NDNB is one of North America’s leading providers of SOC 2 compliance reporting for data centers/co-location facilities, and managed services providers. SOC 2 compliance for data centers/co-location facilities, and managed services providers is growing rapidly, and for good reason, as these types of organizations are often considered prime providers of third-party services to other companies.
NDNB. North America’s SOC 2 Data Center Auditing Experts
Since 2005, NDNB has performed over 100 regulatory compliance audit reports for data centers (i.e., SAS 70, SSAE 16 SOC 1, SSAE 18 SOC 1 and SOC 2). We know data centers inside and out, how they operate, what controls and related criteria need to be assessed, and more. We also offer fixed-fee pricing, a wide range of supporting tools, and more. Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to learn more about NDNB’s SOC 2 data center auditing expertise.
NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP. If you're using AWS for hosting of your production environment, here's what you need to know NOW about SOC 2 audits.
With the continued expansion of cloud computing and virtualization platforms, SOC 2 compliance for data centers/co-location facilities, and managed services providers will continue to grow rapidly in coming years. Therefore, take note of the following five (5) important points you need to know for ensuring an efficient, cost-effective assessment process:
5 Things to Know for SOC 2 Auditing Success for Data Centers
1. SOC 2 is Here to Stay: Say goodbye to the now defunct one-size-fits-all SAS 70 standard – and to a certain degree – the financially driven SOC 1 SSAE 16 and SSAE 18 standards also. SOC 2 was developed to help with the growing surge of technology-oriented service organizations needing to validate their internal control environment. Data centers, often the repository of client data, have just begun to feel the importance of SOC 2 compliance, an importance that will continue to grow in the coming years.
2. Define Scope and Choose the Relevant Trust Services Criteria (TSP): Scope, scope, scope…it’s what’s so important when it comes to achieving SOC 2 compliance in a timely manner AND within budget. It means choosing which of the five Trust Services Criteria (TSP), whether one, a few, or all, you are going to include in the scope of the audit. It also means determining what physical locations, business processes, and personnel are to be involved in the SOC 2 compliance initiatives.
3. Develop Essential Documentation: A big – and growing – part of SOC 2 compliance for data centers is having documented information security and operational processes and procedures in place. That’s right, though SOC 2 is looked upon as somewhat of a technical audit, don’t lose sight of the fact that numerous processes and procedures are necessary for achieving SOC 2 compliance.
4. Welcome to the World of Regulatory Compliance: It goes without saying that if you’ve been asked to become SOC 2 compliant for your core data center and managed services offerings, then consider this an annual requirement that’s not going away. This means choosing a firm for building a long-term relationship, one that can provide efficiencies of scale for every aspect of SOC 2 compliance. Call and speak with Chris Nickell, CPA, at 1-800-277-5415, ext. 706, to obtain a fixed-fee for all your SOC 2 reporting needs for data centers and managed services.
5. Work with a Firm that Offers Fixed Fees: A CPA firm that is well-versed in SOC 2 compliance can offer competitively priced fixed fees as they know exactly the time and overall commitments for such an engagement. It means they are experienced, knowledgeable, and highly efficient in terms of auditing. Contact Chris Nickell to obtain a fixed fee for all your SOC 2 reporting needs for data centers and managed services.
A Word on PCI DSS Compliance for Data Centers
And a final word on PCI DSS Compliance, since we’re on the topic of audits and assessments. Take note of the following information regarding data center compliance requirements for PCI DSS, which is fast becoming the most recognized compliance mandate in the world:
Understand YOUR PCI DSS reporting requirements. That’s right, YOURS, not your clients’. In today’s world of growing managed services offerings, there’s a co-mingling and sharing of roles and responsibilities between the provider and the client. This spills over to many compliance requirements, such as PCI DSS, but even with that said, data centers and managed service providers still have very clear responsibilities. To be even more clear, you’ll need to draw a line in the sand as to what are YOUR responsibilities for PCI DSS compliance and what are those for your clients.
You cannot expect to be responsible for 100% of all mandated PCI DSS requirements, especially if offering only colocation services or limited managed services (i.e., managed OS only). To learn more about SOC 2 compliance for data centers and managed services, call Christopher Nickell, CPA, at 1-800-277-5415, ext. 706 today.
Fixed-Fees. Superior Service. Nationwide Coverage
NDNB is North America’s leading provider of SOC 2 compliance reports for data centers. We’ve been heavily involved in data center compliance for years, gaining the necessary knowledge and expertise that results in efficient, comprehensive, and cost-effective auditing. Let’s talk today.