Compliance White Papers

Taking the hassle out of staying compliant

Get A Fixed Fee Quote Today Request a Free Quote

A SOC 1 SSAE 18 Type 1 Report is officially a "Report on management's description of a service organization's system and the suitability of the design of controls".

SOC 1 SSAE 18 Type 1 Reports will Include the Following Content

  • A description of the service organization's "system".
  • A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented as at the specified date, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified date.
  • A service auditor’s assurance report.

As with any new standard, expect a number of commonly used terms and phrases to be associated with SOC 1 SSAE 18 Type 1 reporting, such as the following:

  • SOC 1 SSAE 18 Type 1 Service Auditor's Report
  • SOC 1 SSAE 18 Type 1 "Compliance" or "Compliant"
  • SOC 1 SSAE 18 Type 1 "Report" or "Reporting"
  • SOC 1 SSAE 18 Type 1 "Certified" or SOC 1 SSAE 18 Type 1 "Certification"

Please note that the phrase "SOC 1 SSAE 18 Type 1 Certified" or "SOC 1 SSAE 18 Type 1 Certification" is technically incorrect, as a service organization is NOT becoming "certified" or achieving SOC 1 SSAE 18 Type 1 "certification". This incorrect terminology rose to prominence in recent years with the huge popularity of the SAS 70 auditing standard, ultimately resulting in organizations proclaiming themselves as SAS 70 "certified".

Service organizations that would greatly benefit from a SOC 1 SSAE 18 Type 1 report are those that have never gone through any type of audit for reporting on controls (such as  SSAE 16, CICA 5970, or any other region/country specific standard) and who are seeking to ultimately obtain a SOC 1 SSAE 18 Type 2 report.

Why a SOC 1 SSAE 18 Readiness Assessment is Essential

Additionally, regardless if your organization is seeking a SOC 1 SSAE 18 Type 1 or Type 2 report, a SOC 1 SSAE 18 Type 1 Readiness Assessment would be highly beneficial for ensuring you understand the scope of the audit along with the fundamental changes between SSAE 16 and the prior SAS 70 auditing standard.  A competent and highly qualified SOC 1 SSAE 18 auditing firm will be able to provide your organization with a SOC 1 SSAE 18 Type 1 Readiness Assessment.  Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to receive a competitive, fixed fee for all your SOC 1 SSAE 18 and SOC 2 compliance needs.

Since 2006, NDNB has been setting the standard for security & compliance regulations