SOC 2 Type II Readiness Gap Analysis

Overview

If a target is provided via arguments, focus the review on: $ARGUMENTS

This skill performs a structured gap analysis against the AICPA Trust Services Criteria (TSC) used in SOC 2 Type II examinations. It walks through all nine Common Criteria categories (CC1 through CC9), evaluates additional criteria based on scoping decisions, scores maturity for each control point, maps required evidence artifacts, and produces a prioritized 90-day remediation roadmap.

SOC 2 Type II reports assess both the design and operating effectiveness of controls over a review period (typically 6-12 months). This analysis prepares an organization for that examination by identifying gaps before the auditor does.

Prerequisites

Before beginning the gap analysis, ensure the following are available: