Document SOC 2 READINESS CHECK
Prepared for SMALL SAAS TEAMS
Scope 18 QUESTIONS
Status NO SIGNUP REQUIRED

Where do you actually stand on SOC 2®?

A 5-minute honest self-check for founders and CTOs at small SaaS teams. No signup to see your score.

5-minute check Immediate score Category breakdown Optional email report

SOC 2 gets fuzzy before it gets organized.

Ref Observation Detail
F-01

What this is

18 questions across 5 areas. Yes, no, partial, or not sure. You get a score and a category breakdown immediately.

F-02

What this isn't

Not a real audit. Not legal advice. Not gonna replace an auditor. If you are 100% on this check, you are probably 70% ready for a real one.

F-03

Why it exists

Small SaaS teams often start SOC 2® with a vague sense that they are behind. This check turns that uncertainty into a concrete gap list before you talk to auditors, consultants, or software vendors.

Recommendation: answer the check, then use the score as a plain-English gap list.

Three steps. No consultant theater.

2.1

Answer the readiness questions

Work through policies, access, vendors, infrastructure, people, and change using yes, partial, no, or not sure.

est. 5 min
2.2

Read the category breakdown

See which areas are strongest, which gaps matter first, and why those gaps show up in auditor conversations.

output score
2.3

Keep the report if it helps

Share the results link or request the email summary when you want the score and next steps in your inbox.

optional email

The areas that usually decide whether SOC 2 is real or wishful.

Answer 18 plain-English SOC 2® readiness questions across policies, access, vendors, infrastructure, and people.

3.1 - Foundation

Foundation and policies

Some of the basics exist, but they are probably scattered. The work here is mostly making implicit rules explicit.

3.2 - Access

Access and identity

You have pieces of access control, but the review loop is not tight yet. Quarterly checks will make this feel much less scary.

3.3 - Vendors

Risk and vendors

You know who your vendors are but you're not fully collecting their security docs. That's a two-hour fix for the critical ones.

3.4 - Infrastructure

Infrastructure and monitoring

The technical foundation is partly there. The biggest risk is usually backup restore testing or log retention being assumed rather than proven.

3.5 - People

People and change

You have pieces of the operating rhythm. Turn them into short docs and make sure the team has actually seen them.

Also in scope: immediate scoring · lowest-category recommendations · shareable result link · optional email report

A working paper you can use before the real audit work starts.

$0 /check

Free to use. No signup required to see your score.

Start the check
Schedule of outputs §4.1
Overall SOC 2 readiness scoreIncluded
Category-level progress barsIncluded
Weakest-area next stepsIncluded
Share link and email reportOptional
Total due$0.00

Useful, but not an audit.

5.1

Informational only

This tool is not a SOC 2 audit, not legal advice, and not a substitute for an auditor. Results are based on your self-assessment and are for informational purposes only.

5.2

Published by AuditBadger

SOC2Check is published by AuditBadger and is intended to help potential customers understand their SOC 2 readiness. If the check shows gaps that need an operating system, AuditBadger is one product you can evaluate.

Turn the vague SOC 2 feeling into a specific gap list.

Start with the check. You will see the score before you decide whether to share an email.

Start the check No signup required.