
SOC 2 Reporting Framework and the Top 10 Items You Need to Know About | Part III

7. Provide a Written Statement of Assertion. Yet another requirement for SOC 2 compliance is providing the service auditor (i.e., the CPA performing the SOC 2 engagement) with a written statement of assertion. This assertion, which is a strict requirement for SOC reporting, is essentially a document whereby the service organization’s management must assert to a number of different provisions regarding their overall control environment.

8. Policies and Procedures are Critical. SOC 2 assessments are technical – there’s no debating that – but keep in mind that a large part of today’s compliance mandates – particularly SOC 2 reports – require comprehensive policy and procedure documents to be in place. NDB provides a comprehensive SOC 2 Policy Packet to all of the clients we work with, helping them save thousands of dollars and hundreds of man-hours on critical policy development.

SOC 1 SSAE 18 and SOC 2 Policy Templates and Information Security Policies

When it comes to saving thousands of dollars and hundreds of operational man-hours for regulatory compliance, NDB delivers a home run in terms of cost savings and efficiencies with our policy templates. What’s more, when properly developed, your information security policies and procedures can often serve to meet numerous other compliance mandates, such as PCI DSS, HIPAA, FISMA, and more.

9. The adoption of SOC 2 is now moving faster than expected. Considering the number of technology-based service organizations which exist in today’s landscape, one would assume that the SOC 2 framework would be widely embraced and immediately adopted, and it is, moving much faster than expected. While many service organizations initially chose to perform SSAE 16 SOC 1 assessments, the SOC 2 framework is a fast-moving train with no red lights in front of it. Almost any type of technology-driven company in today’s business world is an ideal candidate for SOC 2 compliance, and that’s exactly why it’s witnessing tremendous growth and acceptance. From data centers to cloud computing – and more – SOC 2 is on the rise.

10. SOC 2 and SOC 3 are similar in a number of regards. Both SOC 2 and SOC 3 utilize the Trust Services Principles (TSP) for their respective framework, which allows a service organization to effectively choose between the two. SOC 2 results in a service organization receiving an actual report, whereas SOC 3 results in the issuance of a seal, which can be displayed on the service organization's website. It’s even fair to say that the SOC 2 framework is becoming the most well-known and readily accepted third-party assurance audit throughout North America, even the globe. The AICPA SOC platform has gained widespread adoption from one continent to the next, so talk to the experts today about SOC 2 compliance by contacting Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or by email.

View Part I and Part II of the SOC 2 Reporting Framework Essentials Whitepaper.

To learn more about NDB's SOC 2 reporting services and our competitive, fixed-fee pricing, contact Christopher G. Nickell, CPA. He can be contacted at 1-800-277-5415, ext. 706 or via email.
