Subscribe to this list via RSS Blog posts tagged in SOC 2 Reports Canada | Fixed Fees | Call NDB

NDB Accountants & Consultants (NDB) offers industry leading SOC 2 reports for Canada service organizations seeking to comply with the AICPA Service Organization Control (SOC) reporting framework. In joint collaboration with the Chartered Accountants of Canada (CICA), the American Institute of Certified Public Accountants (AICPA) developed the Trust Services Principles, which are an integral component of SOC 2 reports. More specifically, the TSP’s are criteria based provisions that consist of the following:

  • The security of a service organization's system.
  • The availability of a service organization's system.
  • The processing integrity of a service organization's system.
  • The confidentiality of the information that the service organization's system processes or maintains for user entities.
  • The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.

Moreover, included within the TSP’s are the following 7 areas:

  1. Organization and management
  2. Communications
  3. Risk management and implementation of controls
  4. Monitoring of controls
  5. Logical and physical access controls
  6. System operations, and
  7. Change management

So take note of the following important points regarding SOC 2 reports in Canada, brought to you by NDB Accountants & Consultants – North America’s leading providers of SOC 2 compliance reporting:

  1. Understand Scope. There are essentially two (2) important scope considerations to think about regarding SOC 2 reports. First, what specific business processes and/or business platform will your company be including within the actual SOC 2 assessment. Second, which of the five Trust Services Principles will you include within your SOC 2 assessment – one, a few, or all of them? This can be somewhat confusing at first, but give Chris Nickell, CPA, a call at 1-800-277-5415, ext. 706, and he’ll be glad to clarify and help you better understand these two important scope issues.
  2. Policies and Procedures are Critical. It’s extremely important to understand the need for comprehensive, well-written policies and procedures for SOC 2 compliance. When you look at the actual Trust Services Principles (TSP), much attention is given to the mandate of policies and procedures, both from an information security and operational perspective. And it’s why NDB offers a complimentary SOC 2 Policy Packet to every client we work with.  Learn more about NDB's data center expertise and the complimentary SOC 2 Policy Packets, along with our complimentary PCI DSS Policy Packets and also SOC 1 Policy Packets we provide to our clients for each enagement. It truly makes a difference for each audit!
  3. SOC 2 is vastly different than SOC 1. Though they are often clumped together as similar audits, there are considerable differences, the most important being that SOC 1 (which utilizes the SSAE 16 reporting standard) is generally geared towards internal controls over financial reporting (ICFR concept), while SOC 2 is primarily aimed at technology oriented service organizations (i.e., data centers, managed services providers, SaaS models, etc.).
  4. There are two (2) types of SOC 2 reports. Service organizations can obtain a SOC 2 Type 1 and/or a SOC 2 Type 2. So what’s the difference? A SOC 2 Type 1 is for reporting a service organizations’ controls for a “point in time”, a specific date, that is. As for a SOC 2 Type 2, it reports on a service organizations for a state time period, usually a six (6) month period. Most organizations new to SOC 2 reporting in Canada undertake a SOC 2 Type 1 the first year, followed by SOC 2 Type 2 reporting in subsequent years.
  5. Welcome to Regulatory Compliance. Once you begin the process of an initial SOC 2 report, it really becomes an annual process, so say hello to the world of regulatory compliance. It means finding a high-quality CPA firm to work with, one that offers a fixed-fee engagement for a multi-year commitment. After all, changing auditors year after year makes no sense at all, so call Chris Nickell, CPA at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. .
Hits: 1313
From I.T.consultants to seasoned regulatory compliance auditors, our firm's wide expertise is diverse, cross-functional, and highly experienced in all our service lines.

From I.T.consultants to seasoned regulatory compliance auditors, our firm's wide expertise is diverse, cross-functional, and highly experienced in all our service lines.