Free download · PDF

The SOC 2 Readiness Checklist

Preparing for your first SOC 2 audit to close an enterprise deal? This checklist walks you through exactly what to scope, which controls to implement, what evidence auditors ask for, and a realistic timeline.

Scope: Trust Service Criteria to include in year one and how to defend that scope to the auditor.
Controls: The 60+ baseline controls most SaaS companies need, mapped by owner.
Evidence: Screenshots, policies, logs, and tickets your auditor will request, with examples.
Timeline: A 12-week path from kick-off to Type I report, with the common blockers that push teams to 18+.

Sanitized sample SOC readiness report

See exactly what your readiness report will look like. We send a redacted SOC 2 readiness report — control gaps, evidence requests, and remediation guidance included — in exchange for a work email.

Available sample reports

Pick the readiness report closest to your stage and we will send a sanitized copy to your work email.

Cyvex Penetration Testing Example

The SOC 2 Readiness Checklist

Sanitized sample SOC readiness report

Available sample reports

Cyvex Penetration Testing Example