SOC 2 Readiness
SOC 2 Type 1 and Type 2 readiness covering Trust Service Criteria selection, control design, policy and evidence development, control implementation, readiness assessment, and clean handoff to your chosen audit firm.
How it runs
- 01 Scope & Criteria Selection
  Define the systems and services in scope and select the Trust Service Criteria. Security is mandatory; add Availability, Confidentiality, Processing Integrity, or Privacy based on customer demand.
- 02 Control Gap Analysis
  Assess current controls against the AICPA criteria and common control frameworks. Document gaps, undocumented controls, and shadow processes that need to be made visible.
- 03 Policy & Evidence Development
  Author or refresh the policy stack, build procedure documents, and define the evidence each control will produce. Make evidence collection a normal byproduct of operations, not a quarterly scramble.
- 04 Control Implementation
  Stand up missing controls: access reviews, change management, vulnerability management, vendor risk, incident response, and monitoring. Tooling choices favour automation and continuous evidence.
- 05 Readiness Assessment
  Run a mock audit covering control design and operating effectiveness over a representative window. Identify weaknesses while there is still time to fix them before the real audit.
- 06 Auditor Handoff
  Hand a clean evidence package to the chosen audit firm, support fieldwork, and act as the project manager during the audit to keep findings minimal and timelines on track.
What you receive
- Scope and Trust Service Criteria selection
- Control gap analysis and remediation plan
- Refreshed policy and procedure stack
- Implemented controls with evidence pipelines
- Readiness assessment report
- Audit-ready evidence package
- Auditor liaison support during fieldwork
Ready to scope this engagement?
Every engagement is scoped individually. Get a tailored quote within 24 hours.