SOC 2 Type II · Trust Services Criteria Assessment

Benchmark Your SOC 2 Compliance Posture

25 targeted questions across 5 Trust Services Criteria. Instant scoring, domain-level gap analysis, and actionable recommendations — free, no login required.

⏱ ~8 minutes 📋 5 domains · 25 questions 📊 Instant readiness report ✓ Free · No login required
CC6 CC7 CC8 CC9 A1 C1 PI1 P1
Domain 1 of 5 0% complete
1
2
3
4
5
Sec.
Avail.
Confid.
Integrity
Privacy
🔒
CC6–CC9
Security
SOC 2 Common Criteria CC6–CC9 govern logical and physical access controls, system operations, change management, and risk mitigation. Auditors assess whether controls prevent unauthorised access and system failures.
Q1 · Domain 1
Logical access controls implemented with principle of least privilege across all systems?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q2 · Domain 1
Multi-factor authentication (MFA) enforced for all remote and privileged system access?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q3 · Domain 1
Vulnerability scanning and penetration testing conducted at least annually?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q4 · Domain 1
Security monitoring and alerting operational 24/7 with documented response procedures?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q5 · Domain 1
Security awareness training delivered to all personnel upon hire and annually?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
A1
Availability
SOC 2 Availability criteria require that systems are available for operation as committed or agreed. This includes uptime commitments, capacity planning, and disaster recovery capabilities.
Q1 · Domain 2
System availability SLAs defined, monitored, and reported against customer commitments?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q2 · Domain 2
Redundancy and automated failover implemented for all critical system components?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q3 · Domain 2
Capacity planning process in place to prevent performance degradation?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q4 · Domain 2
Disaster recovery (DR) plan tested within the past 12 months with documented results?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q5 · Domain 2
Backup procedures validated and recovery time objectives (RTOs) confirmed achievable?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
🔐
C1
Confidentiality
SOC 2 Confidentiality criteria require that information designated as confidential is protected as committed or agreed. Controls cover identification, handling, and disposal of confidential data.
Q1 · Domain 3
Data classification policy implemented and communicated to all personnel?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q2 · Domain 3
Encryption at rest and in transit applied to all confidential data?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q3 · Domain 3
Non-disclosure agreements (NDAs) in place with all third parties handling confidential data?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q4 · Domain 3
Data retention and secure disposal procedures documented and enforced?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q5 · Domain 3
Access to confidential data logged, audited, and reviewed regularly?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
⚙️
PI1
Processing Integrity
SOC 2 Processing Integrity criteria ensure that system processing is complete, valid, accurate, timely, and authorised. Controls address input validation, error handling, and output reconciliation.
Q1 · Domain 4
Input validation and error handling implemented across all critical transaction processing?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q2 · Domain 4
System processing monitored for completeness, accuracy, and timeliness?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q3 · Domain 4
Change management process requires testing and approval before production deployment?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q4 · Domain 4
Quality assurance (QA) checks in place for all critical data processing pipelines?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q5 · Domain 4
Reconciliation procedures verify data integrity across system boundaries?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
🛡️
P1–P8
Privacy
SOC 2 Privacy criteria address the collection, use, retention, disclosure, and disposal of personal information. AICPA's Generally Accepted Privacy Principles (GAPP) form the basis of these controls.
Q1 · Domain 5
Privacy notice published, accurate, and updated to reflect actual data practices?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q2 · Domain 5
Process exists to honor data subject access, correction, and deletion requests?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q3 · Domain 5
Personal data collected limited to stated and consented purposes only?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q4 · Domain 5
Third-party processors bound by data processing agreements (DPAs)?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Q5 · Domain 5
Privacy impact assessments (PIAs) conducted for new personal data processing activities?
Not Implemented
0 pts
Planned ≤12m
1 pt
Partial
2 pts
Fully Implemented
3 pts
Please answer all questions to continue.

SOC 2 Readiness Assessment — CyberICS Solutions

Generated: · platform.cybericsolutions.com

🔗
You're viewing a shared assessment report
Take your own assessment to get personalised results.
0%
0 / 75 pts
SOC 2 READINESS SCORE
🔴 Critical Risk

Critical gaps across Trust Services Criteria. Immediate remediation required.

Domain Breakdown
Priority Recommendations
SOC 2 Toolkit → Start Free Tabletop Exercises →

More Free Assessments

🇪🇺 NIS2 Readiness 🏦 DORA Readiness 🔐 CMMC 2.0 Readiness 🏢 ISO 27001 Gap

This assessment is self-reported and indicative only. It does not constitute formal legal or compliance advice. Consult a qualified SOC 2 auditor for definitive audit readiness determination.