Service

SOC 2 Scope Snapshot

Enterprise customer wants SOC 2. Before you spend $30K on auditors, you need to know what you're getting into. We define your scope, map your controls, and show you every gap.

10 business days
60+ controls mapped
Auditor-ready docs
Get Started — $2,490

This is for you if:

  • A big customer is asking for SOC 2 and you've never done it
  • You want to know the gaps before paying for an audit
  • A deal is stuck until you can show SOC 2 progress
  • You need to budget and plan for the full SOC 2 journey
60+
Controls mapped
10
Days delivery
5
TSC categories
100%
Auditor-ready
Mount Rainier

What you get

01

Trust Service Criteria Selection

Which TSCs you actually need—Security, Availability, Confidentiality, Processing Integrity, Privacy. Most companies only need 1-2. We help you choose based on what your customers actually require.

02

System Boundary Definition

What's in scope, what's out. Clear documentation that auditors can understand and verify. This is the foundation everything else builds on.

03

Control Mapping

60+ controls mapped to your environment. What you have in place, how it satisfies the criteria, and where there are gaps in coverage.

04

Gap Analysis

What's missing, what needs work, and specific recommendations to close each gap. Prioritized so you know what to tackle first.

05

Auditor Prep Document

A summary document formatted for auditor consumption. When you start the engagement, hand them this and skip weeks of back-and-forth.

06

Remediation Roadmap

Step-by-step plan to close your gaps. Estimated effort for each item so you can budget time and resources appropriately.

The process

8 steps from intake to complete SOC 2 readiness assessment.

1

Submit intake

Online form

2

Environment review

Your stack

3

TSC selection

Scope defined

4

Boundary mapping

In vs out

5

Control assessment

60+ controls

6

Gap analysis

What's missing

7

Roadmap draft

Prioritized

8

Delivery

Full report

Devils Tower
Devils Tower
Scope

What's included

Included
  • Trust Service Criteria selection
  • System boundary definition
  • 60+ control mapping
  • Gap analysis with priorities
  • Remediation roadmap
Also
  • Auditor prep document
  • Evidence inventory checklist
  • Policy gap identification
  • 30-day email support

Important

This engagement constitutes a readiness assessment and does not constitute a SOC 2 audit. SOC 2 examinations must be performed by a licensed Certified Public Accountant (CPA) firm. This assessment prepares your organization for audit by identifying and addressing control gaps in advance.

Trust Service Criteria

SOC 2 has five categories. Security is required. The other four are optional. Most SaaS companies pick Security + Availability. We help you choose what actually makes sense for your customers.

Security
Required

Protection against unauthorized access

Availability
Common

System uptime and performance

Confidentiality
Sometimes

Protection of confidential data

Processing Integrity
Rare

Accurate and complete processing

Privacy
Sometimes

Personal information handling

Before vs After

Without assessment

Unknown scope and TSC needs

Gaps discovered during audit

Auditor estimates way off

Weeks of back-and-forth

Surprise remediation costs

With SOC 2 Snapshot

Clear scope and TSC selection

All gaps known upfront

Accurate auditor quotes

Auditor-ready documentation

Budget with confidence

Result

Audit-ready in 10 days

Common questions

Type 1 or Type 2?

Type 1 is a point-in-time snapshot—controls exist on a specific date. Type 2 covers a period (usually 6-12 months) and shows controls worked consistently. Most buyers want Type 2, but you often start with Type 1.

How long does the full SOC 2 process take?

This snapshot takes 10 days. A full Type 2 audit typically takes 3-6 months total (observation period plus audit time). This package gets you ready to start that clock.

Do you do the actual audit?

No. Audits have to be done by a licensed CPA firm. We do the prep work so when you talk to auditors, you know exactly where you stand and what they'll find.

What if we're not ready for SOC 2?

That's fine—most companies aren't when they start looking into it. This snapshot tells you exactly what you need to fix before engaging auditors.

How much does a SOC 2 audit cost?

Auditor fees typically run $20K-50K for Type 2, depending on scope and firm. Our snapshot is $2,490 and helps you negotiate better with auditors because you already know your situation.

Which Trust Service Criteria do most companies pick?

Security is required for everyone. Most SaaS companies add Availability. Confidentiality and Privacy are situational—depends on what data you handle. Processing Integrity is rare outside fintech.

Know what SOC 2 will take before you commit.

We define your scope, map 60+ controls, and show you every gap. 10 days, $2,490. Then you can decide if and when to engage auditors.

Get Started