SOC 2 · Gap

SOC 2 gap assessment with a defensible remediation plan.

A gap assessment is the diagnostic your program is built on. We run ours to auditor standards so the gaps you close are the gaps that actually matter.

01 — Overview

A gap assessment is narrower than a readiness assessment. It answers one question: what would fail if we went to audit today? Our output is a ranked register with severity, remediation effort, owner, and target close date.

02 — Engagement

Our approach.

  1. I

    Control walkthrough

    Walkthrough each control area against the elected criteria.

  2. II

    Evidence test

    Sample evidence to establish whether the control would pass audit testing today.

  3. III

    Ranked register

    Deliver a ranked remediation register with owner, effort, and target close date.

03 — Deliverables

What you receive.

  • Gap register with severity and remediation effort
  • Control-by-control evidence findings
  • Executive summary suitable for board reporting

04 — Timeline

Expected duration.

Three to five weeks.

Ready to begin?

A partner-led readiness call is complimentary. We'll scope your engagement inside forty-five minutes.

Schedule the call →

05 — FAQ

Common questions.

What's the difference between a gap assessment and a readiness assessment?+

A gap assessment identifies what would fail today. A readiness assessment does the same and adds a full roadmap, cost model, and auditor-selection support. Most clients elect readiness.