SOC 2 Type 1 Audits
Fixed-fee SOC 2 AT 101 Type 1 Assessments
SOC 2 AT 101 Type 1 assessments are provided by NDB at competitive, fixed-fee rates, and to businesses all throughout North America and beyond. SOC 2 reports, for which you can receive either a SOC 2 Type 1 or Type 2, are part of the AICPA Service Organization Control (SOC) framework.
Additionally, SOC 2 reports are conducted in accordance with AT 101, a professional standard that provides general guidance on attest engagements performed by practitioners (i.e., certified public accountants). Many organizations that don't have a clear relationship or nexus to internal controls related to financial reporting (a concept known as ICFR), should consider undertaking a SOC 2 assessment, or possibly even a SOC 3 assessment.
- SOC 1 SSAE 18 Readiness Assessments
- SOC 1 SSAE 18 Remediation
- SOC 1 SSAE 18 Audits
- SOC 1 SSAE 18 Type 1 Assessments
- SOC 1 SSAE 18 Type 2 Assessments
- SOC 2 Readiness Assessments
- SOC 2 Remediation
- SOC 2 Type 1 audits
- SOC 2 Type 2 audits
- SOC 2 Audits for AWS
- SOC 2 Audits for Microsoft Azure
- SOC 2 Audits for Google GCP
- SOC 2 HIPAA Readiness Assessments
- SOC 2 HIPAA Audits
- SOC 2 HITRUST Audits
- SOC 2 HITRUST Audits (2)
Five Trust Services Criteria to Choose From
SOC 2 reports were designed by the AICPA to include the ever-growing number of technology service organizations, such as Software as a Service (SaaS) entities, data centers, and many other related "cloud computing" environments. Additionally, SOC 2 reports rely on the Trust Services Criteria (TSP) as the essential framework of the assessment itself. Trust Service Criteria (TSP) consists of the following:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
SOC 2 Audits – Essential for Technology Companies
Initially, the SOC 2 reporting option did not generate much interest from service organizations and service auditors alike, but this has quickly changed as interested parties are finding real value in SOC 2 reports. Much of this is based on the fact that a large and growing number of service organizations are identified as technology entities, thus the SOC 2 framework is more applicable to their business environment. Some organizations are opting for both SOC 1 and SOC 2 reports in order to satisfy their customer’s requirements for reporting on internal controls.
Learn More About SOC 2 Audits from NDB
Interested parties can learn much more about SOC 2 reporting from NDB’s official SOC Resource Guide, a site dedicated to all facets of Service Organization Control (SOC) reporting options, which are SOC 1, SOC 2 and SOC 3. Learn more about notable topics related to SOC 2 reporting, such as the following:
- SOC 1 vs. SOC 2
- SOC 2 Reporting Framework
- SOC 2 Compliance
- AT Section 101
- SOC 3