soc2-readiness
Install: claude install-skill open-agreements/open-agreements
# SOC 2 Readiness Assessment
Assess readiness for a SOC 2 Type II audit. This skill walks through the Trust Services Criteria, identifies gaps, maps to NIST controls, and generates a prioritized remediation plan.
## Security Model
- **No scripts executed** — markdown-only procedural guidance
- **No secrets required** — works with reference checklists
- **IP-clean** — AICPA Trust Services Criteria are publicly cited; descriptions are original writing
- **Evidence stays local** — all collection outputs go to local filesystem
## When to Use
Activate this skill when:
1. **First SOC 2 preparation** — building controls from scratch for initial Type I or Type II
2. **Pre-audit readiness check** — 4-8 weeks before audit window opens
3. **Gap analysis after scope change** — new systems, services, or trust criteria added
4. **Remediation planning** — translating audit findings into actionable work items
5. **Dual-framework mapping** — already pursuing ISO 27001 and need SOC 2 overlap analysis
Do NOT use for:
- ISO 27001 internal audit — use `iso-27001-internal-audit`
- Evidence collection mechanics — use `iso-27001-evidence-collection`
- Contract review — use legal agreement skills
## Core Concepts
### Trust Services Criteria (TSC)
SOC 2 is organized around 5 Trust Services Categories. **Security**, whose criteria are the Common Criteria (CC), is always in scope; the other four categories are optional and are included based on the commitments your service makes to customers:
| Category | Criteria | When Required |
|----------|----------|---------------|
| **Security** (CC) | CC 1-9 (3