SOC 1 SSAE 18 Type 2 Assessments
Fixed-Fee SOC 1 Type 2 Audits & Assessments
SOC 1 SSAE Type 2 audits
SOC 1 Type 2 assessments are commonplace in many areas when financial consideration is given to internal controls. It's called ICFR – “Internal Controls Related to Financial Reporting”. Think banks, financial services, payroll companies, trusts/actuary, etc.
Any service organization working with financial data that could impact the financial reporting of THEIR clients is a candidate for SOC 1 compliance, and not SOC 2 compliance.
Essential things to note about SOC 1 SSAE Type 2 audits
- Testing Periods
SOC 1 SSAE 18 Type 2 audits have test periods, generally six months long (but sometimes longer, and in rare cases, sometimes shorter), as opposed to SOC 1 SSAE 18 Type 1 audits, which are just assessed for a specific date in time, such as August 27 20xx.
- Remediation is Key to SOC 1 SSAE 18 Type 2 Audits
Developing missing policies and procedures, correcting security issues and holes within your I.T. environment – and more – are all essential measures to perform BEFORE you actually begin the audit. Rarely does a service organization dive right into a SOC 2 Type 2 assessment without performing any type of meaningful remediation work. There’s nothing wrong with having to perform essential remediation activities – all companies do it – so keep this in mind. NDB offers comprehensive SOC 2 Scoping & Readiness Assessments for fixed fees.
- Reporting
SOC 1 Type 2 reports are the preferred choice when it comes to compliance reporting in comparison to a SOC 1 Type 1, and that’s because a SOC 1 Type 2 actually involves testing of controls. This, in turn, creates a report that has more value than a SOC 1 Type 1.
- Documentation is critical
That’s right, policies and procedures are a big part of SOC 1 Type 2 compliance, and NDB offers a complimentary set of SOC 1 policy templates to all of our valued clients. It’s just another reason why organizations all throughout North America turn to NDB. Please contact us today or call Christopher Nickell at 1-800-277-5415, ext. 706 or email him to discuss your needs.
- Risk Assessments & Security Awareness Training is Critical
Two (2) key areas for SOC 1 compliance that must be met are performing an annual risk assessment, along with undertaking annual security awareness training for all in-scope employees. With risk assessments and security awareness training, you have a multitude of options for helping perform such activities.
- Continuous Monitoring of Controls is Essential
Becoming SOC 1 compliant is a great milestone indeed, but you’ll need to continuously monitor your controls to ensure compliance long after the auditors have left. NDB can assist with regular continuous monitoring. Please contact us today or call Christopher Nickell at 1-800-277-5415, ext. 706 to discuss your needs.
North America’s Leader for SOC 1 Audits
NDB offers service organizations all throughout North America competitive, fixed fees for your SOC 1 SSAE 18 Type 1 and Type 2 reports. Please contact us today or call Christopher Nickell at 1-800-277-5415, ext. 706 or email him at