SOC 2 Compliance Management

2026 Assessment & Readiness Tool

How the SOC 2 Assessment Tool Works

This free tool helps your organization plan, track, and achieve SOC 2 (and SOC 1/3) compliance. Everything runs in your browser — no account required, no data leaves your device.

Quick Start

  1. Select your target SOC report type (SOC 1, SOC 2 Type I/II, or SOC 3) using the filter at the top of the Assessment tab.
  2. Work through each Trust Service Principle, checking off controls you have implemented.
  3. Add notes or evidence links to each requirement for audit documentation.
  4. Use the Reports tab to generate a gap analysis, evidence checklist, or readiness assessment.
  5. Export your progress as PDF or CSV to share with your auditor or compliance team.

The Five Tabs

1. Assessment

The core checklist. All AICPA Trust Service Principles are listed here — Security (CC1–CC9), Availability (A1), Processing Integrity (PI1), Confidentiality (C1), and Privacy (P1–P8). Updated for 2026 to include AI/ML governance, zero trust network access, SBOM, IaC security scanning, SIEM platforms, EDR deployment, ransomware response playbooks, tabletop exercises, DDoS mitigation, phishing simulation programs, board-level security governance, multi-state US privacy law compliance, breach notification timelines, and cross-border data transfer mechanisms.

  • Click a principle to expand its criteria and individual requirements.
  • Check off each requirement you have implemented.
  • Click any requirement to open a detail panel where you can add notes or create a linked task.
  • Use the Report Type filter to see only the controls relevant to your target SOC type.
  • Use the search bar to find specific controls quickly.

2. Dashboard

A visual overview of your compliance progress across all principles. Shows percentage completion per Trust Service Principle so you can see at a glance where you are strong and where gaps exist.

  • Progress bars per principle update in real time as you check off requirements.
  • Overall compliance score shown as a single percentage.
  • Use this view to prioritize which areas need the most work.

3. Tasks

A lightweight task tracker for compliance work items. Create tasks for any requirement, assign them to team members, set due dates, and track completion.

  • Add tasks manually or create them directly from a requirement in the Assessment tab.
  • Tasks include a title, description, assignee, and due date.
  • Mark tasks complete or delete them as you progress.

4. Reports

Generate audit-ready reports based on your current checklist state. Four report types are available, plus a SOC certification path tracker.

  • Compliance Summary — snapshot of your overall and per-principle progress.
  • Gap Analysis — lists all incomplete requirements grouped by principle with recommendations.
  • Evidence Checklist — itemized list of evidence artifacts to collect, with collection frequency.
  • Audit Readiness — weighted readiness score with targeted recommendations.
  • All reports can be exported as PDF. Your full dataset can be exported as JSON or CSV.
  • The SOC Path Tracker lets you mark progress through the certification journey steps for SOC 1, SOC 2, and SOC 3.

5. Education

Comprehensive reference material to help you understand which SOC report type fits your situation and what auditors look for.

  • Interactive decision guide: answer four questions to find the right SOC report for your organization.
  • Side-by-side comparison table for SOC 1, SOC 2, and SOC 3.
  • 2026 Emerging Compliance Areas panel covering AI/ML governance, zero trust, software supply chain, and cloud-native security.
  • Detailed descriptions of each SOC type with audience, focus, and examples.

Your Data & Privacy

100% Local Storage

All checklist progress, notes, and tasks are stored in your browser's localStorage. Nothing is sent to any server. Clearing your browser data will clear your progress.

Export & Backup

Use the Export button in the Assessment tab to download your full dataset as JSON. Re-import it later to restore your progress on any device.

Frequently Asked Questions

Is this tool a substitute for a real SOC 2 auditor?

No. This tool helps you prepare for a SOC audit by tracking control implementation and identifying gaps. An official SOC 2 report must be issued by a licensed CPA firm performing an SSAE 18 engagement.

Which SOC type should I start with?

Most organizations starting from scratch target SOC 2 Type I first (2–4 months, lower cost), then proceed to Type II (6–12 month observation period). Use the Education tab's decision guide to confirm the right path for your situation.

Are the 2026 requirements officially part of the AICPA TSC?

The AICPA's Trust Services Criteria (SSAE 18) are the authoritative standard. The 2026 additions in this tool (AI/ML governance, zero trust, SBOM, IaC, cloud resilience) reflect areas that modern auditors increasingly examine under existing TSC criteria — they are not separate official criteria.

Can I share my progress with my team?

Export your data as JSON from the Assessment tab, then share the file. Your teammates can import it using the Import button on the same page to load your saved state.