performing-soc2-type2-audit-preparation

Featured

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing SOC 2 Type II Audit Preparation

## When to Use

- When preparing for a SOC 2 Type II audit engagement with a CPA firm
- When conducting a gap assessment against AICPA Trust Services Criteria
- When automating evidence collection across cloud infrastructure and identity providers
- When validating that controls have operated effectively over the audit period (3-12 months)
- When building continuous compliance monitoring to maintain SOC 2 posture between audits
- When remediating control gaps identified during readiness assessment

## Prerequisites

- Familiarity with AICPA Trust Services Criteria (CC1-CC9)
- Access to cloud provider APIs (AWS, Azure, or GCP) with read-only permissions
- Access to identity provider (Okta, Azure AD, Google Workspace)
- Access to version control system (GitHub, GitLab)
- Access to ticketing system (Jira, Linear, ServiceNow)
- Python 3.8+ with `boto3`, `requests`, `pyyaml` dependencies
- Appropriate authorization to collect compliance evidence

## Instructions

### 1. Understand the Trust Services Criteria

SOC 2 is built on five Trust Services Categories defined by AICPA. Security (Common Criteria CC1-CC9) is mandatory; the others are selected based on business relevance:

| Category | Criteria | Focus |
|----------|----------|-------|
| Security (mandatory) | CC1-CC9 | Control environment, risk, access, operations, change management |
| Availability | A1 | System uptime and disaster recovery |
| Processing Integrity | PI1 | Accurat...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

soc2

SOC 2 Type II prep — AICPA Trust Services Criteria (Security required plus Availability/Confidentiality/Processing Integrity/Privacy), Common Criteria CC1–CC9, Type I vs Type II choice, evidence-collection rhythm, auditor-friendly packaging, Complementary User Entity Controls.

4 Updated 1 week ago
roodlicht
AI & Automation Listed

soc2-readiness

Assess SOC 2 Type II readiness. Map Trust Services Criteria to controls, identify gaps, and build a remediation plan. Uses NIST SP 800-53 (public domain) as canonical reference with SOC 2 criterion cross-mapping. Use when user says "SOC 2 readiness," "SOC 2 preparation," "SOC 2 gap analysis," or "prepare for SOC 2 audit."

35 Updated today
open-agreements
AI & Automation Solid

soc2-compliance-automator

SOC 2 Trust Services Criteria compliance automation for evidence collection, control mapping, and audit preparation

1,034 Updated today
a5c-ai
Data & Documents Solid

soc2

Expert SOC 2 compliance assistant covering all five Trust Services Criteria (Security/CC, Availability/A, Confidentiality/C, Processing Integrity/PI, Privacy/P). Use this skill whenever a user mentions SOC 2, Trust Services Criteria, SOC 2 Type 1 or Type 2, audit readiness, compliance gaps, control documentation, evidence collection, vendor risk questionnaires, or anything related to AICPA service organization controls. Trigger even for adjacent topics like "we need to get audited", "a customer asked for our security report", "writing an information security policy", or "preparing for an audit". Covers gap analysis, policy writing, control documentation, audit evidence preparation, and vendor risk reviews for organizations at any maturity level — from first-time startups to seasoned compliance teams.

488 Updated today
Sushegaad
Data & Documents Listed

soc2

Expert SOC 2 compliance assistant covering all five Trust Services Criteria (Security/CC, Availability/A, Confidentiality/C, Processing Integrity/PI, Privacy/P). Use this skill whenever a user mentions SOC 2, Trust Services Criteria, SOC 2 Type 1 or Type 2, audit readiness, compliance gaps, control documentation, evidence collection, vendor risk questionnaires, or anything related to AICPA service organization controls. Trigger even for adjacent topics like "we need to get audited", "a customer asked for our security report", "writing an information security policy", or "preparing for an audit". Covers gap analysis, policy writing, control documentation, audit evidence preparation, and vendor risk reviews for organizations at any maturity level — from first-time startups to seasoned compliance teams.

2 Updated today
Jandyoverseas977