SOC 2 Readiness Checklist: 50-Point Self-Assessment for 2026
Complete this checklist before engaging an auditor. Your progress is saved to your browser automatically. Critical items must all be resolved before starting the audit.
Check each item you have in place. Unchecked critical items show estimated remediation costs at the bottom.
Progress: 0/40
Critical Items: 0/26
Readiness: 6-12 months to audit-ready

Access Control: 0/6 (0%)
Change Management: 0/5 (0%)
Risk Management: 0/4 (0%)
Incident Response: 0/5 (0%)
Network Security: 0/6 (0%)
Monitoring and Logging: 0/4 (0%)
Policies and Documentation: 0/6 (0%)
People and Training: 0/4 (0%)

Estimated Remediation for 26 Unchecked Critical Items
| Gap | Est. Cost | Timeline |
|---|---|---|
| Unique user accounts for all employees (no shared accounts) | $1K-$3K | 1-2 weeks |
| SSO/MFA enforced for all critical systems | $2K-$8K | 2-4 weeks |
| Role-based access control (RBAC) implemented | $3K-$10K | 2-6 weeks |
| Quarterly access reviews documented | $1K-$2K | 1-2 weeks |
| Offboarding process revokes access within 24 hours | $500-$2K | 1 week |
| All code changes go through pull request review | $1K-$3K | 1-2 weeks |
| Staging/testing environment before production | $2K-$5K | 2-4 weeks |
| Annual risk assessment completed and documented | $3K-$8K | 2-4 weeks |
| Risk register maintained with owner assignments | $1K-$3K | 1-2 weeks |
| Vendor risk assessments for critical third parties | $2K-$5K | 2-6 weeks |
Showing 10 of 26 gaps