SOC 2
Audit & Assurance
Cloud/SaaS
For technology and service organizations, a SOC 2 report has become the baseline expectation customers demand before entrusting you with their data. This assessment measures your control environment against the AICPA Trust Services Criteria — the mandatory Security common criteria (CC1–CC9) plus the optional Availability, Processing Integrity, Confidentiality, and Privacy categories. It examines your control environment, risk assessment, monitoring, logical and physical access, system operations, change management, and vendor oversight, aligned with the COSO Internal Control framework. The results help you identify gaps and build toward a clean Type I or Type II report.
11
Domains
28
Questions
~28 min
Estimated Time
What You'll Be Assessed On
Scope & Report Type
Applicability Check
3 questions
CC1–CC2 — Control Environment & Communication (COSO)
4 questions
CC3–CC4 — Risk Assessment & Monitoring (COSO)
3 questions
CC5 — Control Activities
1 question
CC6 — Logical & Physical Access Controls
3 questions
CC7–CC8 — System Operations & Change Management
3 questions
CC9 — Risk Mitigation & Vendor Management
2 questions
Confidentiality — Data Protection
2 questions
Availability — System Uptime & Recovery
2 questions
Processing Integrity — Data Accuracy
2 questions
Privacy — PII Management
3 questions
Step-by-Step
Answer questions one domain at a time with progress tracking.Instant Scoring
Get a weighted maturity score and per-domain breakdown immediately.Actionable Roadmap
Receive a phased remediation plan tailored to your results.
Takes approximately 28 minutes to complete.