Compliance White Papers

Taking the hassle out of staying compliant


NDNB offers comprehensive SOC 2 readiness assessment services for Washington DC, Maryland, and Northern Virginia businesses, helping them prepare for annual SOC 2 Type 1 and SOC 2 Type 2 audits. With years of experience performing regulatory compliance assessments, NDNB is one of the premier CPA firms offering a wide variety of professional services and solutions for Washington DC, Maryland, and Northern Virginia businesses. We offer the following SOC 2 readiness assessment services & solutions to help service organizations prepare for annual compliance audits:

Scope Assessment: Don’t become a victim of “scope creep” – instead – work with the proven auditors at NDNB and properly plan your SOC 2 audit the right way from day one. Understanding which business processes are involved in the audit, along with personnel, facilities, third-party organizations – and more – is an important component of proper audit scoping. Too big a scope, and you’ll have significant cost overruns, particularly in terms of internal operational costs and external fees paid to auditors.

There’s quite a bit of chatter today in the world of regulatory compliance regarding SOC 2 vs. NIST 800-53. Both the AICPA SOC auditing framework (which consists of SSAE 18 SOC 1, SOC 2, and SOC 3 reports) and the NIST SP 800-53 publication are major players in today’s growing world of regulatory compliance, so let’s take a deep dive into the SOC 2 vs. NIST 800-53 discussion.

5 Things You Need to Know about SOC 2 vs. NIST 800-53

1. SOC 2 is Part of the AICPA “SOC” Framework: The American Institute of Certified Public Accountants (AICPA) launched the SOC assessment report framework in 2011, and with that came three (3) new reporting options: SOC 1, SOC 2, and SOC 3. SOC 1 reports initially used the SSAE 16 standard – which has been replaced by the SSAE 18 standard – as the official “standard” for issuing SOC 1 reports. SOC 2 reports use the AT 101 standard, as do SOC 3 reports. Together, these three (3) reporting options replaced the one-size-fits-all SAS 70 auditing standard that had been in use since 1992. Initially, the SOC framework stood for “Service Organization Controls”, but that was recently modified and is now called “System and Organization Controls”.

Fast forward to today, and SOC 2 has arguably become the most widely recognized of all three (3) SOC options, because more and more technology-oriented businesses are undergoing annual SOC 2 compliance. Think data centers, Software as a Service (SaaS), managed security service providers – and more – they are all ideal candidates for annual SOC 2 compliance.

Healthcare organizations can now effectively assert to many of the mandated provisions within the HIPAA Security Rule by undertaking annual SOC 2 assessments by a Certified Public Accounting (CPA) firm. NDNB, one of North America’s leading providers of SOC 2 HIPAA compliance assessments, has developed a specific testing matrix that maps directly to the HIPAA Security Rule provisions of 164.308 to 164.316, along with other applicable HIPAA mandates. It’s an incredibly efficient and comprehensive process for showcasing compliance with the Security Rule initiatives of the Health Insurance Portability and Accountability Act (HIPAA).

Providers of Fixed Fee SOC 2 HIPAA Compliance Reports | Call Today

Additionally, because of the flexibility allowed under the SOC 2 framework, additional components of the Health Insurance Portability and Accountability Act (HIPAA) can also be evaluated for baseline compliance, such as the Privacy Rule, Breach Notification mandates, and other notable HIPAA provisions. More and more service organizations are undertaking SOC 2 HIPAA compliance, so call the experts today at NDNB to learn more about our comprehensive SOC 1, SOC 2, and SOC 3 reporting. NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP.

Question: What is a SOC 2 Type 1 Report?

Answer: A SOC 2 Type 1 Report is a report issued by a Certified Public Accounting (CPA) firm that reports on controls in operation relating to the following five (5) Trust Services Criteria (TSP) in accordance with the AICPA System and Organization Controls (SOC) reporting framework:

1. Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
2. Availability. Information and systems are available for operation and use to meet the entity’s objectives.
3. Processing integrity. System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
4. Confidentiality. Information designated as confidential is protected to meet the entity’s objectives.
5. Privacy. Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.


SOC 1 SSAE 18 and/or SOC 2 compliance is becoming a must-have for hundreds of Atlanta businesses seeking to comply with growing client demands and industry-specific regulations. Whatever your business offers, from IT services to operations and product manufacturing, it seems as if the regulatory compliance mantra is sparing hardly any company today in the metro Atlanta region.

What’s interesting to note is that as Atlanta has increasingly become one of the true financial and IT markets in the country, the mandates for compliance have increased as well. Atlanta is growing like never before – and that’s great – but so are the massive compliance mandates of SOC 1 SSAE 18 and SOC 2, along with PCI DSS, HIPAA, FISMA reporting, and much more. Need help? Then turn to the experts at NDNB, Atlanta’s premier provider of compliance services.

Since 2006, NDNB has been setting the standard for security & compliance regulations
