SOC 2 (Trust Services Criteria)
Practice: Cybersecurity · Type: Standard
SOC 2 is an AICPA auditing standard that reports on the controls a service organization operates against five Trust Services Criteria — security, availability, processing integrity, confidentiality and privacy. A readiness (gap) assessment is the work done before a Type I or Type II audit to find and close control gaps.
Benefits
- Scored on SOC 2's own Trust Services Criteria scale — not a generic rubric.
- Every score is traceable to the client's own policies, system descriptions and control evidence.
- Control gaps ranked by severity, ready to become the remediation plan before the audit.
- A board-ready slide deck and a detailed report generated automatically.
- Re-runnable as evidence improves, so the client can track distance-to-audit over time.
When to use it
- Before engaging an auditor for a SOC 2 Type I or Type II report.
- When a client or prospect requires SOC 2 evidence to win or keep enterprise deals.
- To scope which of the five Trust Services Criteria are in play before committing to an audit.
- To re-baseline controls ahead of an annual SOC 2 renewal.
What it assesses
Celeredge maps the client's existing policies, system descriptions and control evidence to each applicable Trust Services Criterion, flags missing or immature controls, and ranks the gaps. It covers:
- Security (the common criteria)
- Availability
- Processing integrity
- Confidentiality
- Privacy
Expected output
Celeredge produces per-criterion maturity scores on SOC 2's own scale. Each answer carries a confidence signal and citations back to the client's evidence, and gaps are ranked by severity. The run generates a board-ready slide deck and a detailed HTML report. See Maturity Scoring, Reports and Deck Studio.
How to use it in Celeredge
- Collect the client's evidence — policies, system descriptions and control reports — see Evidence Collection.
- In Diagnose, select SOC 2 (Trust Services Criteria).
- Run the assessment and watch it stream — see Running Assessments.
- Review per-criterion answers with their confidence and citations, then accept the ones you trust.
- Send gaps to Plan — see Gap Analysis.
FAQ
What is SOC 2?
Defined by the AICPA, SOC 2 reports on how well a service organization's controls hold up against five Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. The readiness, or gap, assessment is the pre-audit step that surfaces and closes control gaps before a Type I or Type II report.
What does a Celeredge SOC 2 assessment deliver?
An evidence-based readiness assessment scored on SOC 2's own scale, with gaps ranked by severity and an auto-generated, board-ready slide deck and detailed report — every score traceable to the evidence behind it.
How does the assessment work?
Clients upload their own evidence — policies, reports and data. An AI interviewer asks targeted follow-ups to fill anything missing, the platform scores against the framework, ranks the gaps, and generates the deliverables.
Celeredge runs an independent readiness and alignment review against this framework. It is not a certification audit and is not endorsed by the standard's owner. Framework and standard names are trademarks of their respective owners.