SOC 2 audits fail on missing evidence, not missing intentions. This workbook maps 85 controls to all of the AICPA Trust Services Criteria — Control Environment through Confidentiality — so you can score your readiness, close gaps, and walk into your audit with the evidence already organized.
One-time purchase · instant download · 85 controls with verification & remediation steps
What's inside
Every control is plain-language, prioritized by severity, and paired with how to verify it and how to fix it. Organized into 11 sections.
Real sample controls
These are taken directly from the workbook — no paraphrasing.
Run a formal, documented risk assessment process.
Require approval before any access is granted (formal access provisioning).
Enforce MFA for all remote access to production systems.
Limit privileged/admin access to personnel with a clear business need.
Free
Download a free one-page preview of this workbook — the highest-impact controls, no email gate. Want the curated top-10 by email instead? Use the form on the homepage.
Why teams use Strondex
Built by security professionals
Controls drawn from CIS benchmarks, framework requirements, and real-world assessment findings.
Self-serve, no consultant
Plain-language steps you can action yourself — without the $300/hr engagement.
Honest scope
Exactly 85 controls. No inflated counts, no fabricated reviews — see the samples above.
The readiness workbook prepares you for either. It focuses on the controls and evidence both report types require; your auditor determines the observation period for a Type II.
Yes. It includes policy templates and evidence-collection guides alongside the 85 controls so you are not writing documentation from scratch.
No. It is a pre-audit readiness tool. A SOC 2 report can only be issued by a licensed CPA firm — this workbook gets you organized and gap-free before that engagement begins.
Cyber Insurance Prep Checklist ($47)
47 controls underwriters actually check — know exactly where you stand before renewal.
M365 Security Hardening Checklist ($97)
80 CIS-based controls for Microsoft 365 — close the gaps before attackers find them.
AWS Hardening Checklist ($147)
95 CIS L1/L2 controls for AWS — IAM, logging, networking, storage, and more.
Azure Hardening Checklist ($147)
88 CIS-based controls for Microsoft Azure — identity to networking to Defender.
PCI DSS Compliance Checklist ($147)
78 PCI DSS v4.0 controls with SAQ-A and SAQ-D annotations.