SOC 2 Readiness Checklist

What's inside

• Common Criteria (CC1–CC9): control environment, risk assessment, access, operations, change management, incident response, and vendor risk
• Availability criteria (A1) — for SaaS companies with uptime commitments
• Confidentiality criteria (C1) — for data classification and encryption
• Formatted for printing — save as PDF with one click

Built from real SOC 2 audit experience — these are the items auditors actually review.