Diligio Compliance

SOC 2 (Trust Services Criteria), automated

Get SOC 2 ready and stay there between report periods, with an agent to gather evidence and a human to certify.

  • Live today
  • Cross-mapped with ISO 27001
  • Agent-assisted, human-certified
  • EU data residency

SOC 2 is an independent audit report on how you manage customer data, against the AICPA Trust Services Criteria. Diligio Compliance tracks your controls and evidence across the observation window, flags gaps, and keeps you continuously audit-ready rather than scrambling each cycle.

What SOC 2 is

SOC 2 is an attestation report written by a CPA firm against the Trust Services Criteria: security (always in scope), plus optional availability, processing integrity, confidentiality, and privacy. It is the report US technology buyers most often request.

Type I describes whether controls are designed correctly at a point in time; Type II tests whether they operated over a period, usually three to twelve months. Type II carries the most weight, and each year covers a new period, so staying audit-ready matters.

How Diligio Compliance helps

Controls against the Trust Services Criteria

A control register mapped to the criteria you scope in, each with status, owner, proof, and last-reviewed date, plus CSV export for your auditor.

Evidence across the observation window

Reusable evidence objects linked to controls, with gaps and stale proof flagged, so the evidence the auditor samples is already there when the period closes.

An agent that proposes, a human that certifies

Your own AI agent can propose evidence and control statuses across SOC 2; a human certifies before anything is attested, with a kill switch and an audit trail.

Reuse toward ISO 27001

SOC 2 and ISO 27001 are cross-mapped, so the control work you do for SOC 2 carries over if you add ISO 27001 later, instead of starting again.

New to the process? Read SOC 2 for startups.

Frequently asked questions

Does Diligio Compliance run the SOC 2 audit?

No. The SOC 2 audit and report are produced by an independent CPA firm. Diligio Compliance is the tooling that prepares and maintains your programme: controls, evidence, and remediation, kept continuously audit-ready so the auditor finds what they need.

Does it support both Type I and Type II?

Yes. The control and evidence model supports a point-in-time Type I and an observation-window Type II. Evidence is collected continuously, which is what a Type II period requires.

Is SOC 2 support available now?

Yes. SOC 2 is live in Diligio Compliance. Talk to us and we will enable it and help you scope the right Trust Services Criteria.

Get started

Tell us you are working towards SOC 2 and we will enable Diligio Compliance for your team and help you get set up. A flat $1,999 per company per year, or $499 for your first year as a startup.
