
SOC 2 Type 1 Framework | Overview

The SOC 2 Type 1 framework overview is provided by NDB, North America’s leading provider of high-quality, competitively priced SOC 2 Type 1 and Type 2 assessments, along with SOC 1 reporting. Moreover, the SOC 2 Type 1 framework also requires numerous policies and procedures to be in place, for which NDB also includes a complimentary SOC 2 Policy Packet to all clients containing hundreds of pages of critical information security and operational specific policies, procedures, and much more.

With many companies now being required to perform annual SOC 2 Type 1 and SOC 2 Type 2 audits, it’s time to gain a strong technical understanding of the AICPA System and Organization Controls (SOC) framework and how NDB can help in meeting your growing regulatory compliance goals each year. Take note of the following subject matter regarding the SOC 2 framework, courtesy of NDB, one of the nation’s leading providers of high-quality, fixed-fee regulatory compliance services and solutions:

1. SSAE 18 SOC 1 vs. SOC 2: What’s the main difference between SSAE 18 SOC 1 and SOC 2 assessments? SOC 1 audits – which use the SSAE 18 professional standard – are audits performed on service organizations whose services could impact the financial reporting of their clients. Think actuaries, banking, financial, and trust services, and others.

As for SOC 2, think technology companies, such as data centers, SaaS vendors – anyone in the technology space – these are ideal candidates for SOC 2 compliance. Thus, SSAE 18 SOC 1 is a financially driven third-party assessment, while SOC 2 is a technology-driven third-party assessment. Even with all this said, we still find many technology-associated service organizations performing annual SSAE 18 SOC 1 assessments, which we feel is technically incorrect.

Sure, the assessment still has tremendous value as it assesses internal controls, but the SOC 2 framework with the relevant Trust Services Principles (TSP) is a much more meaningful and better aligned auditing process for technology businesses. Learn more about SOC 1 vs. SOC 2 today. Also, contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, today to learn more about SOC 1 vs. SOC 2.

2. Why a Readiness Assessment is Essential: Simple, you’ll want to thoroughly assess and understand all the necessary components of a SOC 2 audit, such as scoping boundaries, how to correct internal control gaps and deficiencies, what personnel – internally – are expected to play a role in the assessment, what physical locations have to be visited, what auditors expect in terms of deliverables, and much more. In short, a SOC 2 scoping & readiness assessment brings about much needed clarity and understanding to all facets of the audit.

Without it, you’re simply creating immense challenges in the audit process, many of which can be solved by simply performing a SOC 2 scoping & readiness assessment. And lastly, the fee for a SOC 2 scoping & readiness assessment can be conveniently bundled into our fixed-fee pricing for a multi-year engagement, thus decreasing the direct impact and financial cost to your firm. You’ll learn a tremendous amount about your business – it’s an eye opener for some – but well worth it in terms of ROI.

3. Policies and Procedures are Critical: While tremendous efforts are always put into the technical aspect of SOC 2 compliance – ensuring information systems are functioning as necessary – what’s often left behind is the importance of developing all necessary documentation for SOC 2 compliance. Specifically, the SOC 2 framework requires a lengthy list of information security and operational policies and procedures to be in place – an incredibly time-consuming task, no doubt – and it’s why NDB offers a complimentary SOC 2 Policy Packet containing hundreds of pages of policies, forms, and other supporting templates.

The documentation is absolutely vital for helping ensure SOC 2 compliance is successfully met. Look, writing information security policies and procedures – especially starting from scratch – can take dozens and dozens of hours, sometimes much more, so the ability to use high-quality, SOC 2 specific policy templates from NDB is a must!

Service organizations all throughout North America – and select global regions – have successfully utilized our industry leading documents for years, helping them achieve SOC 2 compliance – and other regulatory compliance mandates – quickly and cost-effectively. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, today to learn more about SOC 1 vs. SOC 2.

4. Technical Remediation is Crucial: Also high on the list for SOC 2 remediation are all the technical and security initiatives that need to take place. From re-provisioning network devices to securely locking down servers – and much more – technical remediation is a must, and it can be time-consuming.

Common examples of technical remediation include the following: (1) Provisioning and hardening server settings, both on the OS and the underlying applications. (2) Configuring rulesets and configuration files for network devices, such as firewalls, routers, and switches. (3) Implementing stronger access controls for user access.

Luckily, NDB offers comprehensive forms and checklists for all major vendors when it comes to essential provisioning and hardening guidelines – material that’s complimentary to our valued SOC 2 clients throughout North America. Becoming SOC 2 compliant within a reasonable timeframe – and within budget – is our goal for you, so let’s talk.

5. Assessing Subservice Organizations is a Must: Do you, as a business/service organization, outsource other services to businesses downstream? If so, these “downstream” providers of services to you are what’s known as subservice organizations – at least in terms of your compliance requirements. Many times, auditors will want to assess the internal controls of these very subservice organizations, and many of them may have gone through a compliance audit already – perhaps even a SOC 2 audit, or an SSAE 18 SOC 1 assessment – but if not, auditors will need to take steps in assessing such entities. You need to be aware of subservice organization reporting requirements, so talk to the experts at NDB.

SOC 2 Type 1 Things You Need to Know

  • The SOC 2 Type 1 framework states that this type of assessment is performed for an “as of” date, as opposed to the AICPA SOC 2 Type 2 framework, under which assessments are conducted over a stated time period.
  • The SOC 2 Type 1 framework is an excellent starting point for SOC 2 Type 2 audits.
  • The SOC 2 Type 1 framework is largely different from the SOC 1 Type 1 framework.
  • Receive a complimentary SOC 2 Policy Packet from NDB!
  • The SOC 2 Type 1 framework is a great fit for many of today’s information technology businesses.
  • Speak with Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, and receive a competitively priced fixed fee for SOC 2 Type 1 assessments.