What exactly is the Commitment Review?
What exactly is the Commitment Review?
You upload your issued SOC 2 report; we extract the commitments your
organization made in it, including stated cadence and ownership implications,
and return them in plain language. AI performs the first extraction; a
practitioner verifies the output before delivery. The review is free.
Is my report safe with you?
Is my report safe with you?
A mutual NDA is accepted before upload is enabled, and your authorization for
machine and human analysis is logged separately. The report is encrypted in
transit and at rest, and access is limited to the people and systems needed to
produce the review. The NDA text is public at
soc2doc.ai/nda.
Will you tell me what's wrong with my program?
Will you tell me what's wrong with my program?
Not in the free review. The review mirrors your commitments; it does not judge
whether the organization currently meets them. That kind of assessment requires
interviews, evidence, systems, and process review.
Who reads my report?
Who reads my report?
The extraction pipeline reads it first. Then a vetted assessor verifies the
output before it reaches you. Assessors work under written confidentiality
obligations and receive only the access needed for the review.
What happens to my report afterward?
What happens to my report afterward?
Free reviews may be retained, anonymized, and used to improve the service, as
stated in the authorization you give at upload. You can request deletion at no
cost. If you need guaranteed secure deletion immediately after delivery, with a
signed certificate for your own vendor-risk records, that is the $99 option on
the pricing page.
How is this different from Vanta, Drata, or Sprinto?
How is this different from Vanta, Drata, or Sprinto?
Those platforms help automate evidence collection and dashboard management.
soc2doc focuses on interpreting the commitments, preparing the operating work,
supporting auditor conversations, and helping teams follow through. See
soc2doc vs Vanta, Drata, Sprinto.
Can I use this alongside my existing compliance platform?
Can I use this alongside my existing compliance platform?
Yes. Many teams keep a platform for evidence collection and use soc2doc for
strategy, policy, oversight, and practical follow-through.
Do you perform the audit itself?
Do you perform the audit itself?
No. SOC 2 audits must be performed by an independent CPA firm. We help prepare
the work around the audit and can participate in auditor calls, but the audit
report comes from your auditor.
What if we haven't started SOC 2 at all?
What if we haven't started SOC 2 at all?
If you do not have a report to upload yet, start with the One Plan. It covers
templates, weekly Strategy Hours, and the operating plan for getting ready. Once
your first report is issued, the Commitment Review helps keep the commitments
visible.
Who are the assessors?
Who are the assessors?
Security practitioners who have built and run programs themselves. They verify
extracted reviews matched to their experience and work under confidentiality
obligations. If that is you, apply to the network.
Can I cancel anytime?
Can I cancel anytime?
Yes. The One Plan requires 30 days written notice and has no long-term contract
or setup fee. The free review carries no obligation.
Review my SOC 2 - free
Upload your issued SOC 2 and get the commitments mirrored back.