Value beyond compliance.

Data security compliance and advisory.
High touch. High quality. High value.

We believe in a better way.

The Geels Norton way.

"Nick and his team know how to develop a true partnership with their clients. They've been my go-to advisor and SOC 2 auditor across multiple high-growth technology companies. They're easy to work with, take the time to understand our company and our environment, and educate my team on how to improve our overall security and compliance posture."

Jacob Sinkey, Security Compliance Lead at Brex, Inc.

High Touch.
We have a reputation for being ‘different than other auditors’. We're proud of that. As your partner, we educate and navigate you through the world of data security and compliance.

High Quality.
We’ve launched data security and compliance practices for regional CPA firms. We’ve led specialty practices at one of the largest firms worldwide. Now, we're bringing our expertise directly to you.

High Value.
A superior experience at a fair price. It's why we exist.

Bryan Geels, CPA

Bryan is obsessed with process and efficiency. Continuous improvement and a will to challenge the status quo is built into his DNA. Bryan's passion for technology and innovation has championed Geels Norton’s efficient, streamlined, and value-driven processes.

Bryan loves collaborating with motivated clients who are striving to learn and grow. He has a decade of experience in public accounting, with deep involvement leading assurance engagements from SOC examinations to financial statement audits. A licensed CPA and Certified IDEA Data Analyst (CIDA), Bryan is a proven leader in implementing business analytics practices at CPA firms.

Nick Norton, MPAc, CISA

After achieving Partner at three consecutive top-tier firms, Nick’s unwavering belief that there is a better way helped pave the path for the founding of Geels Norton. He’s learned the positives of a large firm experience, as well as the negatives. He’s witnessed the inefficiencies of the audit industry, and he loves to challenge the status quo to prove there is a better way.

Nick is an industry-recognized SOC and SSPA leader. Through his passion for client service, Geels Norton clients can expect greater efficiencies, higher quality, faster service, enhanced communication, continuous advice and guidance, enriched relationships, and yes, more fun!

SOC 2 is what we do. How we do it makes all the difference.

"I was extremely impressed at how much your process reflected the mission and culture you pitched to us when we first met. It always felt like we were brainstorming together and never just checking boxes or jumping through hoops. Already the conversations we had throughout this process have us thinking about new ways to improve our operations."
Angel Say, CEO at Resolve

You deserve value beyond compliance.

A checkbox approach to compliance may help your company meet minimum standards. Unfortunately, minimum standards rarely prepare companies for future success or increase business value. You deserve an audit partner who listens to your story, learns your business, and develops a compliance approach that supports your company’s unique goals.

Report delivery in two weeks.

Are you tired of receiving your SOC reports months after fieldwork? We have good news - our clients receive their draft reports within two weeks of audit testing.

The world of compliance is changing fast, and we love it.

New compliance software and audit automation tools are introduced daily. We understand the benefits they can provide. We'll help you take advantage of the up-and-coming!

You value your time. So do we.

SOC initiatives are no small undertaking, and you already have a full-time job. Developing control language, mapping controls to the SOC 2 criteria, and developing your company’s control narrative (Section 3) can be dreaded, time-consuming activities. Fortunately, we take care of these activities for you. We'll save you time, money and frustration.

SOC 2 for SaaS. Our specialty.

We know SOC 2 for emerging and high-growth cloud technology companies. We'll help you maintain focus on building exceptional products and comply with SOC 2 criteria through scalable, cloud-friendly IT governance practices.

SOC Readiness - Type 1 - Type 2

Preferred Assessor for Microsoft. Trusted advisor for our clients.

We know SSPA.

We value our long-standing relationship with Microsoft’s SSPA team and we've been recognized for the high-value services provided to Microsoft suppliers. With a deep understanding of Microsoft’s SSPA Program and Data Protection Requirements (DPR), we proudly hold our clients’ hands through the Independent Assessment process, and beyond.

Don’t speak compliance? We’ll translate.

You know your industry. We know ours. Microsoft’s SSPA framework and requirements can be confusing. We’ll help you understand the true intentions behind the framework and ensure your compliance efforts are well-aligned and of business value.

Breathe easy. We've got you.

Navigating the SSPA Aravo portal; updating your supplier profile; understanding your compliance requirements; requesting due date extensions; communicating with SSPA...talk about stress! You need an SSPA partner. We're here for you.

Not in compliance? Not a problem!

We don't expect you to be fully-compliant with Microsoft's DPR at the start of your assessment. Our proven process identifies your compliance gaps and provides specific recommendations for remediation. We hold your hand through remediation to ensure 100% compliance.

SSPA FAQs

How long is the assessment process?
Typically, 3-6 weeks depending on supplier preparedness and compliance gaps identified during the assessment.

What is the cost of an assessment?
Assessment costs are client-specific and take into consideration factors including the type of data processed (personal and/or confidential), the number of applicable DPR, complexity of services performed for Microsoft, complexity of information systems, and the maturity of your data privacy and security programs.

What if we don't pass the assessment?
SSPA assessments are not pass/fail - Microsoft will only accept Independent Assessment letters if the supplier is able to demonstrate compliance with all applicable DPR. If we identify gaps in your compliance with any DPR, we will help you understand the remediation actions required for completion of the assessment.

How often are we required to undergo an assessment?
Independent Assessments are required during new supplier enrollment and annually during Microsoft's annual supplier renewal process. An Assessment may be required more often if changes are made to your Data Processing Profile in Microsoft's Aravo portal.

Cybersecurity with practicality.

"There are only two types of companies: those that have been hacked, and those that will be."

Robert Mueller, former FBI Director

Cybersecurity and data privacy can be a constantly evolving ball of confusion. We partner with you to take a practical, business-first approach to understanding and managing your cyber risks.

Our practical approach:

1. Identify the cyber risks and requirements specific to your company

2. Assess the current state of your cybersecurity program

3. Establish a roadmap to mitigate your risks and achieve your cybersecurity goals

4. Support your ongoing cybersecurity and risk management initiatives

Are you seeking a true partner for your data security and compliance journey?
We'd love to connect.

Give us a call, send an email, or inquire through the form below.