Foundation and policies
Some of the basics exist, but they are probably scattered. The work here is mostly making implicit rules explicit.
A 5-minute honest self-check for founders and CTOs at small SaaS teams. No signup to see your score.
F-01
18 questions across 5 areas. Yes, no, partial, or not sure. You get a score and a category breakdown immediately.
F-02
Not a real audit. Not legal advice. Not gonna replace an auditor. If you are 100% on this check, you are probably 70% ready for a real one.
F-03
Small SaaS teams often start SOC 2® with a vague sense that they are behind. This check turns that uncertainty into a concrete gap list before you talk to auditors, consultants, or software vendors.
Work through policies, access, vendors, infrastructure, people, and change using yes, partial, no, or not sure.
est. 5 minSee which areas are strongest, which gaps matter first, and why those gaps show up in auditor conversations.
output scoreShare the results link or request the email summary when you want the score and next steps in your inbox.
optional emailAnswer 18 plain-English SOC 2® readiness questions across policies, access, vendors, infrastructure, and people.
Some of the basics exist, but they are probably scattered. The work here is mostly making implicit rules explicit.
You have pieces of access control, but the review loop is not tight yet. Quarterly checks will make this feel much less scary.
You know who your vendors are but you're not fully collecting their security docs. That's a two-hour fix for the critical ones.
The technical foundation is partly there. The biggest risk is usually backup restore testing or log retention being assumed rather than proven.
You have pieces of the operating rhythm. Turn them into short docs and make sure the team has actually seen them.
Also in scope: immediate scoring · lowest-category recommendations · shareable result link · optional email report
5.1
This tool is not a SOC 2 audit, not legal advice, and not a substitute for an auditor. Results are based on your self-assessment and are for informational purposes only.
5.2
SOC2Check is published by AuditBadger and is intended to help potential customers understand their SOC 2 readiness. If the check shows gaps that need an operating system, AuditBadger is one product you can evaluate.
Start with the check. You will see the score before you decide whether to share an email.