The three steps
NDA and upload
You accept a mutual NDA and authorize machine and human analysis. Only then is
upload enabled. The NDA text is public at
soc2doc.ai/nda.
Extraction, then verification
The extraction pipeline reads the report for commitments, cadences,
third-party dependencies, and inherited controls. A practitioner then checks
the output before it is sent to you.
What the review is - and is not
In: commitments and cadences
The promises stated in the report, the frequencies attached to them, and
ownership prompts written for operators rather than auditors.
Out: scoring and templates
The review does not do gap analysis and does not attach a generic checklist.
It mirrors the report; it does not grade the organization.
Then what
Many teams use the review to find which commitments lack a clear owner. From there, you can book a compliance call, move into year-round management on the One Plan, or take the list back to your own team. The review is yours either way. See after the review.Review my SOC 2 - free
Start with your issued SOC 2 report.