SOC 2 Readiness Checklist
Last updated: April 2026
Use this checklist to assess your SOC 2 readiness before engaging an auditor. ComplianceGuard automates the evidence collection for all items marked with the Auto badge.
Access Control
Password policy enforces minimum length and complexity [Auto]
Multi-factor authentication enabled for all admin accounts [Auto]
User account list reviewed quarterly [Auto]
Terminated employee accounts disabled within 24 hours [Auto]
Access provisioning process documented
Encryption
Disk encryption enabled on all endpoint machines [Auto]
AWS S3 buckets encrypted at rest [Auto]
Data in transit encrypted with TLS 1.2 or higher
Database encryption enabled
Audit Logging
Windows Event Log / macOS audit log enabled [Auto]
AWS CloudTrail enabled in all regions [Auto]
Log retention policy defined (minimum 90 days)
Logs reviewed regularly for anomalies
Incident Response
Incident response plan documented
Security event alerting configured [Auto]
Incident response plan tested in last 12 months
Incident log maintained
Vendor Management
Third-party vendor list maintained
Vendor security reviews conducted annually
Vendor contracts include security requirements
Change Management
Software inventory maintained [Auto]
Code review process documented
Deployment process documented
Change log maintained
ComplianceGuard automates evidence collection for all items marked Auto above. Download free to see your current score across all 29 SOC 2 controls.