SOC 2 Readiness: Gap Assessment to Evidence Collection.
10 documents for SOC 2 Type II readiness. Trust Service Criteria gap assessment, control mapping matrix, evidence collection templates, and management assertion: everything needed to engage an auditor with confidence.
10 documents: ready to implement.
SOC 2 Readiness Gap Assessment
Trust Service Criteria gap assessment across CC, A, C, PI, and P criteria: current state vs required controls
Trust Service Criteria Control Mapping
Control inventory mapped to Common Criteria (CC1–CC9), Availability, Confidentiality, Processing Integrity, and Privacy
System Description Template
Management's description of the system: service scope, components, and principal service commitments
Risk Assessment and Control Design
SOC 2 risk assessment with control design evidence and operating effectiveness rationale
Evidence Collection Tracker
Structured evidence collection log with auditor evidence request mapping and status tracking
Access Control and Logical Security Policy
CC6: user access provisioning, deprovisioning, privileged access, and access review procedures
Change Management Policy and Log
CC8: software development lifecycle controls, change approval, and deployment evidence requirements
Vendor Management and Monitoring Procedure
CC9: third-party vendor assessment, monitoring, and SLA compliance tracking
Incident Response and Communication Plan
CC7: security incident detection, response, and customer communication procedures
SOC 2 Audit Preparation Checklist
Final pre-audit readiness checklist covering documentation completeness, evidence gaps, and auditor engagement
What makes this different.
All five Trust Service Criteria
Common Criteria (CC), Availability (A), Confidentiality (C), Processing Integrity (PI), and Privacy (P): the readiness assessment covers all five criteria so you can select your scope.
System description template included
The management system description (Point of Focus: Management's Description) is the document auditors scrutinise most: AIR-SOC2-003 provides the complete required structure.
Evidence collection tracker
SOC 2 auditors submit evidence requests, known as PBC (Prepared By Client) requests. AIR-SOC2-005 maps your controls to typical PBC requests so you know exactly what to collect.
Works with Type I and Type II
The gap assessment and control mapping support Type I (point in time) readiness, while the evidence collection and monitoring documents support Type II (period of operation) preparation.
SaaS and technology companies responding to enterprise customer SOC 2 requirements. Startups preparing for their first SOC 2 Type II audit. Security and compliance teams managing the SOC 2 readiness programme.
Ready to implement?
Download the SOC 2 Readiness Pack today: $1,099 AUD, instant delivery.