SOC 2 readiness
Self-paced readiness against the AICPA Trust Services Criteria. All 38 criteria across 3 categories — Security (always on), plus optional Availability and Confidentiality.
Same team, same subscription, same evidence library as the rest of Resolute Security. Point your auditor at the export when you're ready.
What's in scope
CC Common Criteria (Security): Required
Required for every SOC 2 report. Covers governance, risk, access, change management, and monitoring.
33 criteria
A Availability: Optional
Optional. The system is available for operation and use as committed or agreed — uptime SLAs, BCDR, capacity.
3 criteria
C Confidentiality: Optional
Optional. Information designated as confidential is protected as committed or agreed — data-classification, retention, encryption.
2 criteria
Processing Integrity and Privacy aren't in this release. Most Resolute Security customers scope SOC 2 to Security ± Availability/Confidentiality; ping us if you need PI or Privacy soon.
How it works
- 1. Choose your scope: Common Criteria is required. Add Availability if you commit to uptime SLAs, Confidentiality if you handle customer secrets. Scope statement gets copied straight into the readiness report.
- 2. Self-assess: Walk through each criterion in plain English. Yes / partial / no, with notes pointing to the doc or config that proves it.
- 3. Generate artifacts: Readiness report as markdown, gap-remediation list as CSV. Same evidence library reused by CMMC and your monitoring tools.
- 4. Hand to auditor: The readiness report mirrors how a Type II report is organized, so your auditor opens it and already knows where to look.