
SOC 2 Compliance Checklist for WDC, MD, and Northern Virginia Businesses

Washington DC, Maryland, and Northern Virginia businesses seeking to learn more about SOC 2 audits and assessments, and how to prepare their organization for long-term compliance success, can use the following SOC 2 compliance checklist, courtesy of NDB, one of the country’s leading providers of SOC 1 SSAE 18, SOC 2 and SOC 3 audits:

1. Learn about the AICPA SOC Framework: Much has changed in recent years when it comes to regulatory compliance and third-party reporting on internal controls. For years, the outdated and often misused SAS 70 auditing standard was the only professional standard for assessing internal controls, but that has all changed. Enter the AICPA System and Organization Controls (SOC) framework, which consists of SOC 1 SSAE 18 audits, SOC 2 audits, and SOC 3 audits – each unique in its own right.

Simply stated, the business climate has changed and evolved dramatically in recent years, and the AICPA SOC framework was designed to accommodate internal control reporting needs for a wide variety of platforms. And it’s been very successful, to say the least.

NDB also offers SOC 1 and SOC 2 audit reports for businesses using Amazon AWS, Microsoft Azure and Google GCP.

2. Understand the Differences between SOC 1 vs. SOC 2: While there are noted similarities between SOC 1 and SOC 2 audits – both assess the internal control policies, procedures, and processes of a service organization – real differences do exist. First and foremost, SOC 1 SSAE 18 assessments are audits performed on businesses whose services have a true relationship to the Internal Controls Over Financial Reporting (ICFR) concept.


This essentially means that if your business provides services that can impact your clients’ financial reporting, then SOC 1 SSAE 18 should be the chosen audit methodology. If you are a technology-driven company, then SOC 2 is the favored choice.

3. Engage in a SOC 2 Scoping & Readiness Assessment: One of the very best initiatives any business can undertake to prepare for an actual SOC 2 assessment is an in-depth scoping and readiness assessment. With such an exercise, you will quickly learn about your internal controls, what gaps and deficiencies exist, what the scope boundaries for the actual SOC 2 assessment are, and much more.

There is simply no reason to begin a SOC 2 audit without proper planning, scoping, and due diligence, so talk to the experts today about NDB’s scoping and readiness assessments. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or by email, to learn more.


4. Ensure you have an Accurate Asset Inventory: Do you have a complete, current, and accurate listing of all your information systems – your networking devices, servers, and other I.T. systems? If not, it is time to put one in place, for two good reasons. First, from a best-practices perspective, you need to know what systems are in place, where they are located, and their overall intent and use. As issues arise in I.T. environments – and they will – you need to know what systems are affected. Second, auditors will demand to see a complete population listing of I.T. systems for sampling purposes during a SOC 2 audit.
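The population-completeness check auditors apply to an asset inventory can be automated. The following is an added example, not code from NDB or from the original checklist: it reconciles a declared asset register against a list of hosts reported by some discovery source (a network scan or a cloud API export) and flags the four gaps an auditor would sample for. The register, the observed host list, and the review-age threshold of 365 days are all constructed sample data and assumptions for illustration.

```python
"""Reconcile a declared asset inventory against observed hosts.

Constructed example for a SOC 2 population-completeness check. Both the
inventory CSV and the observed host list are sample data embedded inline so
the script runs offline; the 365-day review threshold is an assumption.
"""
import csv
import io
from datetime import date

# Constructed asset register: what the organisation says it owns.
INVENTORY_CSV = """hostname,ip,owner,role,last_reviewed
web-01,10.0.1.10,platform,web server,2024-03-01
db-01,10.0.2.20,data,database,2023-01-15
fw-edge,10.0.0.1,netops,firewall,2024-02-20
old-jump,10.0.3.5,,bastion,2022-11-01
"""

# Constructed discovery output: what a scan or cloud export actually saw.
OBSERVED_HOSTS = ["10.0.1.10", "10.0.2.20", "10.0.0.1", "10.0.1.11"]


def load_inventory(text):
    """Parse the CSV register into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(inventory, observed_ips, today, max_age_days=365):
    """Return the gaps between the register and the observed environment.

    unregistered  - hosts seen on the network but absent from the register
                    (the register is incomplete)
    not_observed  - registered hosts nobody could find (the register is stale,
                    or the discovery source is incomplete)
    missing_owner - registered hosts with no accountable owner
    stale_review  - registered hosts not reviewed within max_age_days
    """
    inventory_ips = {row["ip"] for row in inventory}
    observed = set(observed_ips)
    return {
        "unregistered": sorted(observed - inventory_ips),
        "not_observed": sorted(inventory_ips - observed),
        "missing_owner": sorted(
            row["hostname"] for row in inventory if not row["owner"].strip()
        ),
        "stale_review": sorted(
            row["hostname"]
            for row in inventory
            if (today - date.fromisoformat(row["last_reviewed"])).days > max_age_days
        ),
    }


def audit_ready(findings):
    """True only when every gap category is empty."""
    return all(not items for items in findings.values())


def run_example(today=date(2024, 4, 1)):
    """Run the reconciliation over the constructed sample with a fixed date."""
    return reconcile(load_inventory(INVENTORY_CSV), OBSERVED_HOSTS, today)


if __name__ == "__main__":
    findings = run_example()
    for category, items in findings.items():
        print(f"{category:14s} {', '.join(items) if items else '(none)'}")
    print("audit ready:", audit_ready(findings))
```

Each category maps to a question an auditor will ask about the sampling population: an unregistered host means the population given to the auditor is incomplete, a registered-but-unobserved host means the register has not kept pace with decommissioning, and missing owners or stale review dates mean the entries cannot be vouched for. Re-running this against a fresh discovery export before the audit window opens turns the "complete, current, accurate" requirement into a repeatable check.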


5. Perform essential Technical and Operational Remediation: Documentation writing can be incredibly time-consuming – no question about it – but so can the exhaustive amount of technical remediation that often must be performed. Specifically, you may find that servers need to be re-configured and hardened, access controls need to be enhanced, and firewalls require stronger rulesets – these are just some examples of commonly found technical deficiencies that ultimately require remediation. It “can” be a time-consuming endeavor, particularly if you don’t have the resources or expertise necessary, and that is why NDB offers comprehensive technical and operational remediation services to help businesses become compliant.


6. Assess Third-Party Providers: Outsourcing is not a fad; it is here to stay, as almost every business now relies on the services and solutions of another entity. The challenge for SOC 2 compliance is assessing the relevance of such outsourcing entities and what assessment activities – if any – need to be performed to ensure an adequate system of internal controls is in place.

While many businesses deemed a third party for purposes of YOUR audit may very well have gone through an annual compliance audit (i.e., HIPAA, SOC 1, SOC 2, PCI DSS, and others), others unfortunately have not, so essential due-diligence measures need to be applied.

As such, a due-diligence process needs to be in place for assessing – and possibly testing – the design and operating effectiveness of a third party’s internal controls. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or by email, to learn more about how NDB can assist in these matters.

7. Understand what Auditors are looking for: Most auditors are “by the book”, as the old saying goes, essentially following a prescriptive checklist of what needs to be in place to validate internal controls, what documentation needs to be collected as evidence, and what measures need to be taken when exceptions arise during the course of the audit. As such, communicate with your auditors to ensure that both sides have a strong understanding of what is expected in terms of deliverables for the audit.

NDB – Washington D.C.’s Compliance Experts – Fixed Fee Pricing

When it comes to finding a high-quality, proven regulatory compliance firm serving organizations throughout the Washington DC, Maryland, and Northern Virginia metro area, the choice should be NDB. With fixed-fee pricing and a national track record of excellence, we offer the services and solutions to help your organization become SOC 2 compliant.

We also offer numerous other compliance services, such as SOC 1 SSAE 18, SOC 2, SOC 3, EI3PA, ACH audits, MERS compliance, internal audits, and more. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or by email, to learn more about how NDB can assist in these matters.
