
SOC 2 Compliance Checklist: 64 Controls

Complete checklist covering all Trust Service Criteria controls. Download, track your progress, and achieve SOC 2 certification faster. Most companies already have 60-70% implemented.

64 total controls · 5 Trust Service Criteria · 30% automation rate
Common Criteria (CC) - Security

Required for all SOC 2 reports

CC1: Control Environment

CC1.1: Demonstrate commitment to integrity and ethical values
CC1.2: Exercise oversight responsibility
CC1.3: Establish structure, authority, and responsibility
CC1.4: Demonstrate commitment to competence
CC1.5: Enforce accountability

CC2: Communication & Information

CC2.1: Obtain or generate relevant, quality information
CC2.2: Internally communicate information
CC2.3: Communicate with external parties

CC3: Risk Assessment

CC3.1: Specify suitable objectives
CC3.2: Identify and analyze risk
CC3.3: Assess fraud risk
CC3.4: Identify and analyze significant changes

CC4: Monitoring Activities

CC4.1: Select, develop, and perform ongoing evaluations
CC4.2: Evaluate and communicate deficiencies

CC5: Control Activities

CC5.1: Select and develop control activities
CC5.2: Select and develop technology controls
CC5.3: Deploy control activities through policies

CC6: Logical & Physical Access

CC6.1: Implement logical access security software
CC6.2: Provision new users
CC6.3: Remove access when no longer required
CC6.4: Restrict logical access to programs and data
CC6.5: Restrict access to data and programs
CC6.6: Implement multi-factor authentication
CC6.7: Implement role-based access controls
CC6.8: Restrict access to sensitive information

CC7: System Operations

CC7.1: Ensure authorized program changes
CC7.2: Implement system monitoring and alerting
CC7.3: Implement patch management
CC7.4: Protect against malicious software
CC7.5: Implement data backup and recovery

CC8: Change Management

CC8.1: Authorize, design, develop, and test changes
CC8.2: Deploy changes to production
CC8.3: Track and manage changes

CC9: Risk Mitigation

CC9.1: Identify, assess, and respond to security incidents
CC9.2: Respond to security breaches

Additional Trust Service Criteria

Optional - Include based on your business requirements

Availability (A) Controls

A1.1: Maintain system availability commitments
A1.2: Monitor system performance
A1.3: Implement recovery procedures

Processing Integrity (PI) Controls

PI1.1: Process data completely and accurately
PI1.2: Validate input completeness and accuracy
PI1.3: Implement error handling procedures
PI1.4: Validate processing integrity
PI1.5: Monitor processing integrity

Confidentiality (C) Controls

C1.1: Identify and maintain confidential information
C1.2: Dispose of confidential information
C1.3: Protect confidential information during transmission

Privacy (P) Controls

P1.1: Provide notice about privacy practices
P2.1: Obtain consent for collection and use
P3.1: Collect information consistent with notice
P4.1: Use information for disclosed purposes
P5.1: Retain information per commitments
P6.1: Dispose of personal information securely
P7.1: Disclose information to third parties per notice
P8.1: Grant individuals access to their data

How LowerPlane Automates This Checklist

Automated Evidence Collection

Connect AWS, Okta, GitHub, and 50+ tools. We automatically collect evidence for 30-50% of controls monthly.

Real-Time Progress Tracking

Live dashboard showing exactly which controls are implemented, in progress, or need attention.

Expert Guidance

Dedicated compliance advisor who tells you exactly what to do for each control. No guesswork.

Download Your Free SOC 2 Checklist

Get the complete 64-control checklist as a printable PDF. Track your progress toward SOC 2 certification.

No email required for PDF download. Start tracking your compliance progress today.
