+ 001 0231 123 32



All demo content is for sample purposes only, intended to represent a live site. Please use the RocketLauncher to install an equivalent of the demo, all images will be replaced with sample images.

Trusted Advisors to Businesses throughout North America

5 minutes reading time (1013 words)

SOC 2 Type 1 Audits | Overview, Pricing, and More

SOC 2 Type 1 audits are offered from NDB, North America’s leading provider of high-quality, competitively prices System and Organization Controls (SOC) assessments. Additionally, SOC 2 Type 1 audits performed by NDB also come complete with a complimentary SOC 2 Policy Packet containing hundreds of pages of critical information security and operational specific policies, procedures, and much more.

That’s right, we provide a complimentary SOC 2 Policy Packet for each of our clients! SOC 2 compliance is here to stay as more and more businesses are offering their services to other entities, thus requiring an independent, third-party assessment of one’s internal controls. With the SOC 2 framework, which consists of five (5) Trust Services Principles (TSP), and now gaining international recognition and widespread acceptance, it’s important to educate yourself on the following key points:

1. Where did SOC 2 Originate from? The overused and misguided historical SAS 70 auditing standard became a one-size-fits all audit approach that had simply run out of time and was not well-equipped to deal with today’s vast and complex business arena. As a result, the new System and Organization Controls (SOC) framework was born - a platform consisting of three (3) reporting options: SSAE 16 (now SSAE 18) SOC 1, SOC 2, and SOC 3.

2. SSAE 18 SOC 1 or SOC 2? If you’re a business in the technology arena and are NOT performing any services that could impact a client’s financial reporting, then SOC 2 is the preferred audit choice, no question about it. If you are performing services for a client that does impact their financial reporting – regardless of what the business model is – then SSAE 18 SOC 1 is the preferred choice.

While there still seems to be some confusion as to which audit framework to use, clarity is starting to take root in the industry, with more and more technology companies switching to the SOC 2 reporting option, and for good reason. If you need additional guidance and insight as to the merits of SOC 2 audits and a greater understanding of the Trust Services Criteria (TSP), then call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more. Also, read NDB’s SOC 1 vs. SOC 2 whitepaper.

3. Where to Begin: With a comprehensive SOC 2 readiness assessment, that’s where. Are you new to the AICPA SOC audit world, if so, then treading lightly and working with an experienced CPA & auditing firm who can help your businesses assess audit scope, internal control deficiencies and more, is why a readiness assessment is a must! Service organizations that fail to perform any up-front audit due-diligence measures are only asking for trouble as critical topics must be covered and assesses prior to the audit commencing.

SOC 1 SSAE 18 and SOC 2 Policy Templates and Information Security Policies

4. What to Expect: First and foremost, diving headfirst into a SOC 2 audit without a SOC 2 readiness assessment is not a good idea because you truly need to spend valuable time assessing your control environment prior to the audit, then correcting deficiencies found during the pre-audit exercises. With that said, expect to find gaps with regards to policies and procedures, along with security and technical weaknesses within critical systems, such as weak passwords, inadequate firewall configuration rules, etc. Like many businesses new to the SOC 2 reporting platform, you could potentially spend a considerable amount of time correcting internal control deficiencies and gaps found during the pre-audit activities, but this is very common, so don’t be alarmed.

SOC 2 Readiness Assessment Fixed Fees

5. Why Choose NDB: If you’re looking for a fixed fee pricing module, expertise that’s truly second-to-none, along with a well-respected firm that’s known all throughout the North American market, then you should consider NDB. We also offer our industry leading SOC 2 Policy Packet and other supporting tools for helping businesses conquer the SOC 2 Mountain in no time at all. Call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

SOC 2 compliance – particularly for service organizations that are new to regulatory compliance – can be a challenging endeavor, but with NDB, we’ll guide you through the entire process from day one, ensuring a successful outcome for you and your business. From comprehensive readiness assessments, remediation service, policy and writing templates, policy writing services – and more – we’ve got you covered.

  • SOC 2 Type 1 audits are assessments performed for an “as of” date, as opposed to SOC 2 Type 2 audits, which are assessments conducted over a stated time period.
  • SOC 2 Type 1 audits are a great stepping stone towards SOC 2 Type 2 audits.
  • SOC 2 Type 1 audits are vastly different from SOC 1 Type 1 assessments.
  • SOC 2 Type 1 audits are geared towards many of today’s technology driven service organizations.

Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it., and receive a competitively priced fixed fee for SOC 2 Type 1 audits today.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

SOC 2 Type 1 Assessment | Fixed Fees
SOC 2 Type 1 Framework | Overview

Get A Free Quote Today!

Fill out my online form.