SOC 2 readiness — Type I and Type II.

Fifteen questions across the AICPA Common Criteria (CC1–CC9), plus touches on Availability and Confidentiality. Takes about five minutes. Focused on the Security Trust Services Criterion — the foundation of every SOC 2 scope.

At the end you'll see a readiness score, a tier (Greenfield → Pre-readiness → Type I-ready → Type II-ready), and where your posture is weakest. No data leaves your browser.

Most organizations approach SOC 2 in two stages: a Type I report (design at a point in time) followed by a Type II observation window and audit. Use this quiz to understand which stage fits your current state.