SOC 1 SSAE 18 Audits & Assessments
Fixed-Fee SOC 1 SSAE 18 Type 1 and Type 2 Assessments
NDB provides SOC 1 SSAE 18 Type 1 and Type 2 assessments to businesses all throughout the United States, and at competitive, fixed-fee rates. We have been specialists in the regulatory compliance arena for many years, having issued hundreds of former SAS 70 audits reports and current SOC 1 (SSAE 16/SSAE 18) Type 1 and Type 2 reports for a large number of service organizations, ranging from payroll companies to data centers, and so much more.
Statement on Standards for Attestation Engagements (SSAE) No. 18 is effective for reporting audit opinions dated on or after May 1, 2017, and is part of the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) framework. Specifically, SOC 1 Type 1 and Type 2 assessments fall under the SOC 1 reporting option. Thus, it's common to hear people refer to SSAE 18 as "SOC 1" reports.
- SOC 1 SSAE 18 Readiness Assessments
- SOC 1 SSAE 18 Remediation
- SOC 1 SSAE 18 Audits
- SOC 1 SSAE 18 Type 1 Assessments
- SOC 1 SSAE 18 Type 2 Assessments
- SOC 2 Readiness Assessments
- SOC 2 Remediation
- SOC 2 Type 1 audits
- SOC 2 Type 2 audits
- SOC 2 Audits for AWS
- SOC 2 Audits for Microsoft Azure
- SOC 2 Audits for Google GCP
- SOC 2 HIPAA Readiness Assessments
- SOC 2 HIPAA Audits
- SOC 2 HITRUST Audits
- SOC 2 HITRUST Audits (2)
SOC 1 SSAE 18 Reporting
A SOC 1 SSAE 18 Type 1 Report is known as a "Report on management's description of a service organization's system and the suitability of the design of controls," which includes the following subject matter
- A description of the service organization's "system."
- A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented as of the specified date, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified date.
- A service auditor’s assurance report.
A SOC 1 SSAE 18 Type 2 Report is known as a "Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls," which includes the following subject matter:
- A description of the service organization's "system."
- A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented throughout the specified period, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified period.
- A service auditor’s assurance report.
SOC 1 SSAE 18 Resource Guide
To learn more about the AICPA SOC reporting framework, which includes SOC 1, SOC 2 and SOC 3 reporting, please visit the official SOC Report Resource Guide, developed by NDB. Interested parties will find an abundance of information on SOC 1 SSAE 18, such as the following (and much more):
- Why a New Standard?
- SOC 1 (SSAE 18) and ICFR
- SOC 1 vs. SOC 2
- Description of the System
- SOC 1 (SSAE 18) Written Statement of Assertion
- SOC 1 vs SOC 2