You've seen your commitments. Here's how to manage them.
The free Commitment Review shows you the year ahead. The One Plan is how the year gets done — and it comes with a login to the soc2doc compliance console, where your controls are tracked, your evidence is held, and your audit-readiness is visible. Subscribe and you get the full offering, not a slice of it. Cancel anytime with 30 days notice.
Haven't had your review yet? Start there — it's free
A console, not a retainer.
Every control you committed to, tracked red / amber / green, with evidence attached and verified by an assessor — the audit-readiness view you log in to.
$999 / month + onboarding
Everything soc2doc.ai does, in one plan. No tiers, no add-ons, no per-seat pricing. Onboarding fee waived on a 12-month commit, or pay 12 months up front.
- A login to the soc2doc compliance console — your controls, evidence, risk and vendor registers, and audit-readiness view in one place.
- soc2doc AI chatbot & document analysis
- Quarterly AI readiness assessment
- Custom policies drafted within 48 hours — unlimited, from 15+ audit-tested templates
- AI gap analysis with human in the loop
- AI Process Discovery — Vikas runs the agent on your engagement
- Multi-framework mapping — ALL frameworks included (SOC 2, ISO 27001, NIST CSF, HIPAA, ISO 42001, CIS)
- Custom security position statement
- Customer security assessment support
- Third-party security review support
- Auditor selection guidance, and Vikas joins your auditor calls (pre-audit + checkpoints)
- Vikas joins your sales calls (up to 2/mo)
- Red / yellow / green control tracking in your console
- Audit-readiness view — what evidence is stale or missing before your audit date
- Private Slack channel
- Bi-weekly 1:1 with Vikas (45 min)
- Subscriber-only weekly Strategy Hours with Vikas (Wednesdays 12:00 PM ET)
- Monthly AI compliance status report
- “Zero to SOC 2” ebook + DIRECT framework
- Priority email support · 24hr response
- Slack community access
*Subscriber Strategy Hours are members-only, recorded, and run on a deeper agenda than public office hours: tactical reviews of subscriber evidence, member Q&A, and topics voted by the community.
Your free review: keep it with us, or have it shredded
Two honest options for the report you uploaded. Both were in the authorization you gave — this is just where you choose.
We retain your report, anonymized.
Used to improve the service per the authorization you gave at upload. Held encrypted, access-restricted, deletable on request at any time.
Guaranteed deletion, with a certificate.
Your report and all derived materials are securely deleted after delivery, and you receive a signed deletion certificate for your own vendor-risk records. Add secure deletion
Every plan includes a 90-Day SOC 2 Project Plan
You don't get a subscription. You get a plan with named owners, weekly deliverables, and SOC 2 control mappings — customized to your scope on Day 1.
Phase 1 — Decisions
Weeks 1–2 · Scope, auditor shortlist, control prioritization
Phase 2 — Information
Weeks 3–6 · Policies deployed, asset inventory, evidence patterns
Phase 3 — Relationships
Weeks 7–8 · RACI, sales enablement, vendor reviews
Phase 4 — Efficiency + Communication
Weeks 9–10 · Automation decisions, internal review cadence
Phase 5 — Pre-Audit Dry Run
Weeks 11–12 · Type 1 readiness, evidence package staged
Phase 6 — Type 2 Operations
Week 13+ · Drift detection, monthly reviews, audit window