SOC 2 AT 101 Type 1 and Type 2 assessments are provided by NDNB at competitive, fixed-fee rates, and to businesses all throughout North America and beyond. SOC 2 reports, for which you can receive either a SOC 2 Type 1 or Type 2, are part of the AICPA Service Organization Control (SOC) framework. Additionally, SOC 2 reports are conducted in accordance with AT 101, a professional standard that provides general guidance on attest engagements performed by practitioners (i.e., certified public accountants). Many organizations that don't have a clear relationship or nexus to internal controls related to financial reporting (a concept known as ICFR), should consider undertaking a SOC 2 assessment, or possibly even a SOC 3 assessment.
SOC 2 reports were designed by the AICPA to include the ever-growing number of technology service organizations, such as Software as a Service (SaaS) entities, data centers, and many other related "cloud computing" environments. Additionally, SOC 2 reports rely on the Trust Services Criteria (TSP) as the essential framework of the assessment itself. Specifically, the Trust Service Criteria (TSP) consists of the following:
- Processing integrity
SOC 2 AT 101 Reporting
Initially, the SOC 2 reporting option did not generate much interest from service organizations and service auditors alike, but this is quickly changing as interested parties are finding real value in SOC 2 reports. Much of this is based on the fact that a large and growing number of service organizations are identified as technology entities, thus the SOC 2 framework is more applicable to their business environment. Some organizations are opting for both SOC 1 and SOC 2 reports in order to suffice for their customers' requirements for reporting on internal controls.
SOC 2 Resource Guide
Interested parties can learn much more about SOC 2 reporting from NDNB's official SOC Resource Guide, a site dedicated to all facets of Service Organization Control (SOC) reporting options, which are SOC 1, SOC 2 and SOC 3. Learn more about notable topics related to SOC 2 reporting, such as the following:
- SOC 1 vs. SOC 2
- SOC 2 Reporting Framework
- SOC 2 Compliance
- AT Section 101
- SOC 3