SOC 2 Readiness Checker
SOC 2 (Service Organization Control 2) is a framework for managing customer data based on five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. This tool assesses your readiness across all five criteria to help you prepare for a successful SOC 2 Type II audit.
Security — CC Series
Assessment of security controls across the Common Criteria series.
Q1
Do you have a formal, board-approved information security policy that defines roles, responsibilities, and acceptable use, and is reviewed at least annually?
Q2
Do you perform background checks on all employees and contractors before granting access to production systems or customer data?
Q3
Do you conduct a formal risk assessment at least annually that identifies threats to your system, evaluates likelihood and impact, and produces a risk treatment plan?
Q4
Are all logical access points to production systems protected with MFA, unique user IDs, and centralized identity management (e.g., SSO via SAML/OIDC)?
Q5
Do you perform vulnerability scanning on all production systems at least quarterly and penetration testing at least annually by a qualified third party?
Q6
Do you have a documented change management process that requires peer review, approval, and separation of duties for all production deployments?
Q7
Do you operate a centralized SIEM or log aggregation platform that correlates events across infrastructure, applications, and identity systems?
Q8
Do you have a documented incident response plan with defined severity levels, communication templates, escalation paths, and post-incident review procedures?
© 2026 VertiComply. All rights reserved.