SOC 2 Type 1 auditsare offered from NDNB, North America’s leading provider of high-quality, competitively prices System and Organization Controls (SOC) assessments. Additionally, SOC 2 Type 1 audits performed by NDNB also come complete with a complimentary SOC 2 Policy Packet containing hundreds of pages of critical information security and operational specific policies, procedures, and much more.
That’s right, we provide a complimentary SOC 2 Policy Packet for each of our clients! SOC 2 compliance is here to stay as more and more businesses are offering their services to other entities, thus requiring an independent, third-party assessment of one’s internal controls. With the SOC 2 framework, which consists of five (5) Trust Services Principles (TSP), and now gaining international recognition and widespread acceptance, it’s important to educate yourself on the following key points:
1. Where did SOC 2 Originate from? The overused and misguided historical SAS 70 auditing standard became a one-size-fits all audit approach that had simply run out of time and was not well-equipped to deal with today’s vast and complex business arena. As a result, the new System and Organization Controls (SOC) framework was born - a platform consisting of three (3) reporting options: SSAE 16 (now SSAE 18) SOC 1, SOC 2, and SOC 3.
2. SSAE 18 SOC 1 or SOC 2? If you’re a business in the technology arena and are NOT performing any services that could impact a client’s financial reporting, then SOC 2 is the preferred audit choice, no question about it. If you are performing services for a client that does impact their financial reporting – regardless of what the business model is – then SSAE 18 SOC 1 is the preferred choice.
3. Where to Begin: With a comprehensive SOC 2 readiness assessment, that’s where. Are you new to the AICPA SOC audit world, if so, then treading lightly and working with an experienced CPA & auditing firm who can help your businesses assess audit scope, internal control deficiencies and more, is why a readiness assessment is a must! Service organizations that fail to perform any up-front audit due-diligence measures are only asking for trouble as critical topics must be covered and assesses prior to the audit commencing.
4. What to Expect: First and foremost, diving headfirst into a SOC 2 audit without a SOC 2 readiness assessment is not a good idea because you truly need to spend valuable time assessing your control environment prior to the audit, then correcting deficiencies found during the pre-audit exercises. With that said, expect to find gaps with regards to policies and procedures, along with security and technical weaknesses within critical systems, such as weak passwords, inadequate firewall configuration rules, etc. Like many businesses new to the SOC 2 reporting platform, you could potentially spend a considerable amount of time correcting internal control deficiencies and gaps found during the pre-audit activities, but this is very common, so don’t be alarmed.
SOC 2 compliance – particularly for service organizations that are new to regulatory compliance – can be a challenging endeavor, but with NDNB, we’ll guide you through the entire process from day one, ensuring a successful outcome for you and your business. From comprehensive readiness assessments, remediation service, policy and writing templates, policy writing services – and more – we’ve got you covered.
SOC 2 Type 1 audits are assessments performed for an “as of” date, as opposed to SOC 2 Type 2 audits, which are assessments conducted over a stated time period.
SOC 2 Type 1 audits are a great stepping stone towards SOC 2 Type 2 audits.
SOC 2 Type 1 audits are geared towards many of today’s technology driven service organizations.