Getting Started

Welcome to your SOC-2 Compliance Manager

Streamline your SOC-2 compliance journey with pre-configured controls covering all Trust Service Criteria, complete with guided policies, procedures, and evidence tracking.

How to Use This Tool:

  • Trust Service Criteria: Select which TSC categories apply to your business
  • Controls: Review and implement controls for your selected categories
  • Policies: View all policies across your controls in one table
  • Procedures: View all procedures with sorting, filtering by role, and direct links
  • Roles: See all roles required and assign people to them
  • Lists: Track assets, vendors, personnel, and infrastructure
  • Forms: Collect structured compliance evidence

Trust Service Criteria

How to Identify Which TSCs Apply to You:

  • Security (Required): All SOC-2 reports must include Security. Includes 28 controls covering the nine Common Criteria (CC1-CC9).
  • Availability: Choose if your service has uptime commitments (SLAs) or if system availability is critical to your customers.
  • Processing Integrity: Choose if data accuracy, completeness, and timely processing are essential.
  • Confidentiality: Choose if you handle confidential information beyond just personal data.
  • Privacy: Choose if you collect, use, retain, disclose, or dispose of personal information (PII).

Important: Security is mandatory for all SOC-2 audits. At minimum, you'll need Security + at least one other category based on your business model.

Organization Controls

About Controls: Controls are specific requirements your organization implements to meet SOC-2 criteria. Each control should have associated policies (what you do), procedures (how you do it), and evidence (proof you did it).

Select applicable TSC categories in Trust Service Criteria to see relevant SOC-2 controls, or add your own custom controls.

Policies

Columns: Control, Policy, Owner, Procedures

Procedures

Columns: Control, Policy, Procedure, Frequency, Roles

Roles & Responsibilities

About Roles & Responsibilities: This section shows all roles required across your policies and procedures. Use this to understand which positions need to be staffed and their compliance-related duties.
Columns: Role, Policies/Procedures, Control Areas

Role Assignments

About Role Assignments: Assign specific individuals to roles identified in your procedures. Track who is responsible for each role and when the assignment became effective.

Lists & Inventory Management

About Lists: Lists help you maintain inventories of people, assets, vendors, and other resources critical for SOC-2 compliance.

Forms & Documentation

About Forms: Forms provide structured data collection for SOC-2 compliance activities. Each form can be associated with specific procedures and instantiated for specific dates or quarters.

Quick Reference Guide

Complete SOC 2 Control Coverage

Foundation (CC1-CC5)

  • CC1: Control Environment (5 controls)
  • CC2: Communication & Info (3 controls)
  • CC3: Risk Assessment (4 controls)
  • CC4: Monitoring (2 controls)
  • CC5: Control Activities (3 controls)

Organizational governance, communication, risk management, and control framework.

Access & Operations (CC6-CC8)

  • CC6: Access Controls (8 controls)
  • CC7: System Operations (5 controls)
  • CC8: Change Management (2 controls)

Technical controls for access, monitoring, backups, and change processes.

Risk & Additional TSCs (CC9+)

  • CC9: Risk Mitigation (2 controls)
  • A1: Availability (3 controls)
  • PI1: Processing Integrity (5 controls)
  • C1: Confidentiality (2 controls)
  • P1-P8: Privacy (8 controls)

Business continuity, vendor management, and optional TSC controls.

Complete Coverage: This manager includes 52 pre-configured SOC 2 controls covering all Common Criteria (CC1-CC9) plus controls for Availability, Processing Integrity, Confidentiality, and Privacy. Each control includes policies with detailed procedures to help you get started quickly.
