Check off the evidence artifacts you already have, grouped by Trust Services Criteria. See your completion percentage and a clear list of what is still missing before your SOC 2 audit. Your progress is saved in this browser.
They are the categories a SOC 2 report is built on: Security (the required Common Criteria), plus optional Availability, Processing Integrity, Confidentiality, and Privacy. You choose which apply to your service, and the auditor tests controls against them.
It is a representative list of the artifacts SOC 2 audits commonly require. Your auditor sets the precise request list based on your scope, systems, and the criteria you include. Use this to prepare and close obvious gaps before the audit starts.
No. Having the artifacts is necessary but not sufficient. The auditor evaluates whether your controls were designed and operating effectively over the review period. This tracker helps you get organized; it does not make the audit judgment.
Yes, it is free with no signup. If gathering and organizing evidence is the bottleneck, our SOC 2 evidence collection service does it with you.
Not ready for a call yet?
A few short notes from Jacob on collecting SOC 2 evidence without the last-minute scramble. No fluff, unsubscribe in one click. Reply anytime; it reaches him directly.
From Jacob Masse, founder of traztech. No spam, unsubscribe in one click.
Want it done for you?
SOC 2 Evidence Collection
We gather and organize your SOC 2 evidence with you so the audit goes smoothly.
Explore SOC 2 Evidence Collection →We gather, organize, and map your SOC 2 evidence to the Trust Services Criteria, so you walk into the audit prepared instead of scrambling.
See SOC 2 Evidence Collection Book a call