> ## Documentation Index
> Fetch the complete documentation index at: https://docs.soc2doc.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# How it works

> NDA first, then upload. AI extracts commitments; a practitioner verifies the work; your Commitment Review is delivered after review.

The process is intentionally narrow and explicit: NDA first, upload second,
machine extraction third, practitioner verification before delivery.

## The three steps

<Steps>
  <Step title="NDA and upload">
    You accept a mutual NDA and authorize machine and human analysis. Only then is
    upload enabled. The NDA text is public at
    [soc2doc.ai/nda](https://soc2doc.ai/nda).
  </Step>

  <Step title="Extraction, then verification">
    The extraction pipeline reads the report for commitments, cadences,
    third-party dependencies, and inherited controls. A practitioner then checks
    the output before it is sent to you.
  </Step>

  <Step title="Your review">
    Your Commitment Review is delivered by email: what the report says you
    committed to, how often the work recurs, and what ownership questions it raises.
  </Step>
</Steps>

## What the review is - and is not

<CardGroup cols={2}>
  <Card title="In: commitments and cadences" icon="check">
    The promises stated in the report, the frequencies attached to them, and
    ownership prompts written for operators rather than auditors.
  </Card>

  <Card title="Out: scoring and templates" icon="x">
    The review does not do gap analysis and does not attach a generic checklist.
    It mirrors the report; it does not grade the organization.
  </Card>
</CardGroup>

## Then what

Many teams use the review to find which commitments lack a clear owner. From
there, you can book a compliance call, move into year-round management on the One
Plan, or take the list back to your own team. The review is yours either way. See
[after the review](/product/after-the-review).

<Card title="Review my SOC 2 - free" icon="arrow-right" href="https://soc2doc.ai/review">
  Start with your issued SOC 2 report.
</Card>
