Compliance White Papers

Taking the hassle out of staying compliant


The phrase "AT 101 SOC 2" is often kicked around in today's world of regulatory compliance. With that said, it's important to gain a strong factual understanding of AT 101 SOC 2, as this will ultimately help service organizations learn more about many of their responsibilities for reporting on controls.

First and foremost, the "SOC 2" component of the "AT 101 SOC 2" phrase is associated with the AICPA Service Organization Control (SOC) reporting framework, which offers three (3) reporting options: SOC 1, SOC 2, and SOC 3. SOC 1 reports, which are very common and well-known, utilize the SSAE 16 attestation standard, while SOC 2 and SOC 3 reports utilize the AT 101 professional standard. So what exactly is a professional standard, for purposes of SOC 1, SOC 2 and SOC 3 reporting? It's a publication put forth by the AICPA with a series of provisions, statements and explicit guidance on how to perform a particular engagement.

Essential "AT 101 SOC 2" Subject Matter You Need to Know About

•    AT 101 is the professional standard used for issuing SOC 2 reports.
•    SOC 2 is part of the AICPA Service Organization Control (SOC) reporting framework.
•    SOC 2 reports can be either Type 1 or Type 2.
•    SOC 2 reports are generally geared towards many of today's technology driven service organizations, such as Software as a Service (SaaS) entities, data centers, managed service providers, and others.
•    SOC 2, though not as well-known as SOC 1, can be a viable reporting option at times.

Important SOC 1 SSAE 18 Information

•    SSAE 18 is the professional standard used for issuing SOC 1 reports.
•    SOC 1 is also part of the comprehensive AICPA SOC reporting platform.
•    SOC 1 reports can be either Type 1 or Type 2.
•    The SSAE 16/SSAE 18 is very well-known, due in large part to the fact that it replaced the longstanding SAS 70 auditing standard, which was originally put forth in April of 1992.

You can learn more about AT 101 SOC 2 by visiting the official SOC Report Guide, a comprehensive website dedicated to the AICPA Service Organization Control (SOC) reporting framework.

Additionally, the following notable topics are worth learning more about:

•    SOC 1 vs. SOC 2
•    SOC 2 Framework
•    SOC 3
•    SSAE 16/SSAE 18 Readiness Assessments
•    The Evolution of SSAE 16/SSAE 18 and a New Standard

NDNB – North America’s Leading Provider of SOC 1 (SSAE 16/SSAE 18) and SOC 2 Audits & Assessments

We’ve been performing SOC 2 audits for years, offering fixed-fee pricing and high-quality services to businesses from coast to coast. Wherever you are located, NDNB has the skills, expertise, and manpower to help you become SOC 2 compliant. We also offer a wide range of additional compliance services and solutions, such as SOC 1 (SSAE 16/SSAE 18), SOC 2, SOC 3, EI3PA, ACH Audits, MERS compliance, internal audits, and more. Please contact us today to learn more about NDNB, or email Chris Nickell.

Since 2006, NDNB has been setting the standard for security & compliance regulations