Verisq's SOC 2 Readiness Engagement Surface ships the Trust Services Criteria taxonomy auditors actually use — three-tier ownership (Control / Evidence / Task), per-control walkthrough notes, sample selection, test results, and auditor read-only access.
Service Organization Control Type 2 · AICPA Trust Services Criteria
QFX assessments, LiveThreat monitoring, and vendor scorecards directly satisfy CC9.2 risk mitigation requirements.
Pre-seeded 61-control SOC 2 catalog covering Security, Availability, Confidentiality, Processing Integrity, and Privacy.
External auditors get scoped access to walkthrough notes, evidence, and sample test results — they review in-place, leave comments per control, and request samples without ever leaving Verisq.
Evidence collected against a SOC 2 control is automatically reusable against mapped ISO 27001, NIST CSF, and HITRUST controls. Collect once, satisfy many.
Control-by-control state (Designed / Implemented / Operating Effectively / Tested), gap list, remediation tasks.
Population, sample size, exceptions, conclusion — auditor-style methodology built in.
The artifact you hand to your CPA firm going into a Type II engagement.
Auto-issued when all TSC controls reach Operating Effectively, with framework mappings embedded in the PDF.
Verisq generates the artifacts your auditors and regulators expect — on demand, with current data, with framework mappings embedded.