SOC 2 Type II Readiness Tracker
Trust Service Criteria control tracker, evidence vault, and auditor portal — same audit-defensible discipline as the CMMC tracker, mapped to AICPA TSCs for B2B SaaS.
Open the live SOC 2 Type II Readiness Tracker demo
Public, fully interactive, populated with sample data so the value prop is visible immediately. No sign-up needed — open it in a new tab and explore.
The pain
Every B2B SaaS company between $5M and $500M revenue eventually has a customer ask for a SOC 2 Type II report. They scramble through six months of evidence collection in three weeks, get a qualified opinion, lose deals, and start over the next year. The market is dominated by Vanta and Drata at $40K+/year — there is room for a sized-right tool with a senior implementation lead attached.
What gets built
- AICPA Trust Service Criteria pre-loaded (Security CC1-CC9, Availability, Confidentiality, Processing Integrity, Privacy)
- Per-control: status, owner, evidence artifacts, last review date, test notes
- Evidence vault with content-hash integrity (shared with MVP 03 Evidence Hub)
- Auditor portal: signed read-only access for the CPA firm with watermarked downloads
- Audit history and prior-attestation tracker — every Type II report builds on the last
- Crosswalk: same evidence proves SOC 2 + ISO 27001 + NIST 800-171 simultaneously
Stack
- Same stack as MVP 01
- AICPA TSC catalog
- Pandoc evidence-binder export
- Cross-references with MVPs 01/03
Effort to ship
4–5 weeks for v1
Open the live SOC 2 Type II Readiness Tracker demo
Public, fully interactive, populated with sample data so the value prop is visible immediately. No sign-up needed — open it in a new tab and explore.