NDNB is one of North America’s leading providers of SOC 2 compliance reporting for the document & records management industry. As technology has continued to aggressively grow, massive data bandwidth transmission rates and storage solutions have now become largely inexpensive (at least when compared to historical storage costs), allowing business to store large amounts of data securely. This has resulted in an explosion of new companies offering document & records management services.

NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP.  If you're using AWS for hosting of your production environment, here's what you need to know NOW about SOC 2 audits.

NDNB. North America’s Document & Records Management Audit Experts

NDNB has successfully performed over 45 regulatory compliance assessments since 2005 on various document & records management companies. This includes a combination of SAS 70, SOC 1 SSAE 16, SSAE 18, and SOC 2 audit reports. We know the industry very well, the solutions in place, and can offer high-quality, comprehensive, fixed-fee SOC 2 audits for the document & records management services industry.

With advances in technology, it’s only fair to assume that the document & records management industry is going to continue to witness strong growth, and with that, large regulatory compliance reporting mandates. NDNB is there for you every step of the way for helping ensure an efficient, cost-effective, and comprehensive SOC 2 audit process. Contact Chris Nickell today at NDNB at 1-800-277-5415, ext. 706, or via email at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about our SOC 2 – and other audit services – for the document & records management industry.

4 Things to Know for SOC 2 Auditing Success for Document & Records Management

Confirm Scope: The phrase “document & records management” is rather large and expansive, so it’s important to validate what the actual business process or processes are that will be included within the scope of a SOC 2 audit report. For example, consider the following business services that could be in-scope:

  1. Data storage/archival
  2. Records management
  3. Workflow automation
  4. eDiscovery

Along with confirming business scope, you’ll also need to scope in terms of information systems, personnel, physical locations, third-party providers, etc. The more you can accurately identify all important elements of the audit before it commences, the greater the chances of reducing the dreaded “scope creep”.

Remediate all Issues Prior to the Audit: One of the more challenging – and often overlooked – aspects of regulatory compliance are remediating control gaps. Perhaps you have missing processes and procedures, security controls are not functioning properly – whatever the case may be – remediation can be costly in terms of time and money. It has to be done, and NDNB can assist. Talk to us today about our remediation services and solutions for the document & records management industry.

Assess Controls throughout the Entire Lifecycle: When assessing the scope of services to be included in your SOC report, make sure to conduct testing for the essential controls that form the very fabric of document & records management activities. Document collection, you need to assess controls relating to the secure transmission and storage of data. As for records management, you need to assess controls relating to the scanning, analyzing, classification, and storage of records.

Be Prepared for Annual SOC 2 (or even SOC 1 SSAE 18) Compliance: Regulatory compliance isn’t going way – rather – it’s only becoming more of the “norm” for many industries, especially businesses performing document & records management activities. This means you’ll need to put in place continuous monitoring activities for ensuring controls are regularly inspected and enhanced as necessary.

Fixed-Fees. Superior Service. Nationwide Coverage

NDNB can assist in developing a program that’s efficient and cost effective. Contact Chris Nickell today at NDNB at 1-800-277-5415, ext. 706, or via email at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about our SOC 2 – and other audit services – for the document & records management industry.