SOC 2 readiness assessment
Gauge your readiness for a SOC 2 audit, and leave with your priorities.
≈ 5 minutes · no sign-up
SOC 2 proves your controls to customers. Answer the 18 statements below: everything is computed in your browser, and no answer is stored.
Answer each statement based on your real situation. Your score and priorities appear instantly in your browser. Nothing is sent anywhere.
1. Scope and criteria
2. Security (Common Criteria)
3. Monitoring and incidents
4. Vendor management
5. Governance and control environment
6. Evidence and readiness
FAQ
What is SOC 2?
SOC 2 is an attestation report, issued by a CPA firm under the AICPA framework, that evaluates your controls against the Trust Services Criteria. It is not a certification.
Type I or Type II?
Type I evaluates the design of controls at a point in time. Type II evaluates their operating effectiveness over a period, typically 3 to 12 months. Customers usually ask for Type II.
What are the criteria?
Five Trust Services Criteria: Security (the Common Criteria, always required), Availability, Processing Integrity, Confidentiality and Privacy. You scope in the ones relevant to your service.
How long does it take?
A Type II covers an observation period, often 3 to 12 months, during which evidence must be collected continuously. Upfront preparation drives success.
Does this assessment replace the auditor?
No. It is an indicative tool to gauge your readiness and prioritize your actions. Only a qualified auditor can issue a SOC 2 report.