SOC 2 Services

Fixed Fees. Over 1,000 Reports Issued. Online Audit Tools.

Get A Fixed Fee Quote Today Request a Free Quote

For healthcare organizations which are seeking to minimize the excessive costs related to HITRUST CSF (Common Security Framework) certification, look no further than NDNB, a PCOAB-registered Certified Public Accounting (CPA) firm with years of experience in healthcare-related regulatory compliance reports.

NDNB offers fixed-fee SOC2 HITRUST reports which encapsulate the majority of reporting criteria of the HITRUST framework in regards to testing and reporting.

Many healthcare entities and their counterparts are seeking compliance with the current SOC2 HITRUST framework set forth by the American Institute of Certified Public Accountants (AICPA), as it still incorporates the most important requirements of the HITRUST CSF, but at a fraction of the cost. When combining the cost savings with the time efficiency created by working with NDNB’s experienced team of auditors, you can’t go wrong.

NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP.  And if you're using AWS for hosting of your production environment, here's what you need to know NOW about SOC 2 audits.

NDNB – North America’s Leading Provider of SOC2 HITRUST Reports

NDNB, a leading provider of SOC2-related services, offers the following SOC2 HITRUST services for service organizations:

SOC2 HITRUST Scoping & Readiness Assessments

Even a cursory glance at the current HITRUST CSF framework will reveal how extensive and thorough it has become. Rather than undergoing this incredibly taxing and difficult audit, NDNB can help you get started with a SOC2 HITRUST audit. Prior to kicking off your SOC2 HITRUST, a preliminary scoping and readiness assessment is recommended to establish the parameters of the audit itself.

With NDNB’s SOC2 HITRUST scoping & readiness assessment, healthcare providers will receive the following:

  • A thorough discussion of the HITRUST framework which helps to determine which controls are already in place, and which controls need to be augmented or remediated.
  • An analysis of an organization’s needs, ranging from updates to internal documentation, to security and technical needs.
  • A clearly defined scope for the audit, including people, places, and third-party applicability (if any).
  • A determination of whether additional compliance reporting can be addressed by using the HITRUST framework.

NDNB’s SOC2 HITRUST scoping & readiness assessments are thorough and detailed, but also cost-effective, as we offer fixed-fee pricing on each of our compliance engagements. For more information, please contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it., or call him at 1-800-277-5415, ext. 706.

Technical and Operational Remediation

For some healthcare organizations attempting to gain compliance with the SOC2 HITRUST framework, a scoping and readiness assessment can often reveal certain internal controls which could use various levels of enhancement. These can include – but are certainly not limited to – outdated encryption models, insufficient policy documentation, improper system configurations, improperly protected network devices, and servers / operating systems / applications with minimum provisioning and hardening practices in place. NDNB can provide guidance on correcting these gaps.

SOC2 HITRUST Reports (Type 1 and Type 2)

Annual compliance is a mandate for healthcare organizations; therefore, when your organization becomes compliant, it must stay compliant. It can be challenging to ensure your controls are consistently keeping up with the rigor and intent of the SOC2 HITRUST controls, so NDNB offers continuous monitoring. Our highly-skilled audit staff can monitor, assess, and test your controls quarterly schedule, and provide remediation recommendations where necessary. Please contact Chris Nickell, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it., or call him at 1-800-277-5415, ext. 706, to learn more about SOC2 HITRUST reporting and how NDNB can assist.

North America’s SOC2 HITRUST Leaders – Fixed Fees

As long as healthcare organizations continue their reliance on information security technologies, the need for protection over all aspects of internal cybersecurity will be ever-present. Accordingly, the need for these organizations to attain SOC2 HITRUST compliance will also stay in the forefront. NDNB is a trusted provider of SOC2 HITRUST services for healthcare organizations all throughout North America.

Our fixed-fee services and high-quality audit methodologies can help your organization obtain compliance quicker than you think. Do you need assistance with SOC2 HITRUST compliance? Turn to NDNB today for HITRUST solutions you can count on.

Since 2006, NDNB has been setting the standard for security & compliance regulations