Roadmap

The Compliance Roadmap module provides a structured, step-by-step pathway to achieving SOC 2 Type II compliance. It consolidates all required tasks, documentation, and progress indicators into a guided workflow that helps organizations meet compliance objectives efficiently and on schedule.

The roadmap is divided into four core phases:

  1. Initial Setup

  2. Policies Classification

  3. Evidence Gathering

  4. Audit

Each phase contains actionable tasks with clear descriptions, status tracking, and completion options, enabling seamless management of the entire compliance lifecycle.

Navigating to the Compliance Roadmap

To access the Compliance Roadmap:

  1. Log in to Socify.

  2. From the left navigation menu, select Road Map under the Overview section.

  3. The Compliance Roadmap dashboard will load, displaying your SOC 2 Type II progress and milestones.

1. Roadmap Header Overview

At the top of the Roadmap screen, users will see:

SOC 2 Status Banner

  • Shows whether your roadmap is On Track.

  • Displays the Audit Ready Date.

  • Reflects the completion percentage of roadmap activities.

  • Indicates the number of completed steps out of total steps.

  • Provides quick access to the Audit Vault.

This banner gives a high-level summary of progress toward SOC 2 audit readiness.

2. Roadmap Phases

The Roadmap contains four structured phases, each with tasks required for SOC 2 compliance. Users can switch between phases using the horizontal navigation bar.

"Each phase in the Compliance Roadmap includes its own target completion timeline, helping users stay on track and progress through the SOC 2 journey in a structured, time-bound manner."

PHASE 1: Initial Setup

This phase lays the foundation for the SOC 2 journey. It includes onboarding tasks that prepare the organization for policy setup, evidence collection, and audit workflows.

2.1.1 All About Socify Setup

Provides an overview of Socify’s features and capabilities. Action: Watch the introductory video explaining the benefits of automation and reporting.

2.1.2 Connecting Cloud Provider

Allows integration with your cloud provider for automated evidence syncing. Actions:

  • Click Connect to integrate.

  • Mark as complete/incomplete as needed.

2.1.3 Scoping Questionnaire

Defines your organization's environment, systems, and data practices. Action: Click Start Scoping to complete the questionnaire.

Mark as complete/incomplete as needed.

2.1.4 Invite Your Team

Add team members to assign responsibilities and collaborate on compliance tasks. Action: Click Add Members to invite users.

Mark as complete/incomplete as needed.

2.1.5 Profile Page Completion

Upload organizational information such as name and logo, required for SOC 2 readiness. Action: Update your profile, and the task will be automatically marked as completed.

PHASE 2: Policies Classification

This phase focuses on organizing and publishing the policies required for SOC 2 compliance.

2.2.1 Design Your Business Policies

Includes core governance and business policies such as:

  • Code of Conduct

  • Information Security Policy

  • Compliance Procedure

  • Compliance Policy

Action: Review each policy and ensure they are completed.

2.2.2 Data Management and Classification

Policies related to data handling and classification:

  • Asset Management

  • Asset Procedure

  • Data Retention Policy

  • Data Classification Policy

  • Access Control Policy

2.2.3 Setup Your Engineering Policies

Policies governing secure software development, operations, and availability:

  • Network Security Procedure

  • Encryption Policy

  • Endpoint Security

  • Business Continuity Plan

  • SDLC Procedure

2.2.4 Security and Governance Policies

Policies related to physical and environmental safeguards and incident handling:

  • Physical & Environmental Security

  • Incident Management

  • Risk Assessment

  • System Acquisition & Development

4.2.5 Auditor Call – Phase 2 Completion

Allows users to connect with the auditor to finalize tasks for Phase 2. Actions: Contact your auditor as per the timeline and mark as completed when ready.

PHASE 3: Evidence Gathering

This phase ensures all required audit evidence is collected, verified, and mapped to appropriate controls.

2.3.1 Check Automated Controls for Cloud

Displays automated cloud control checks fetched through cloud integration. Actions:

  • Click Check Now to review controls.

  • Mark the task as completed once validated.

2.3.2 Current Status of Cloud Controls

Shows pass/fail distribution of cloud checks with visual indicators. This helps in identifying remediation areas.

Mark the task as completed once validated.

2.3.3 Manage Your Evidence Centre

Upload and manage evidence files necessary for SOC 2 compliance. Users can add documents from the Evidence Center or map evidence directly to controls.

Action: Click Mark as Completed after organizing evidence.

PHASE 4: Audit

This phase represents the formal audit period where evidence is reviewed and validated by the auditor.

2.4.1 Access Audit Vault

Provides access to auditor feedback and evidence mapped to SOC 2 controls. Users can review all auditor inputs in one place.

Actions:

  • Click Audit Vault to open documents.

  • Mark as completed once evidence submission is finalized.

2.4.2 SOC 2 CPA Attestation

The final step of the journey where the official SOC 2 report is generated and attested by a CPA or authorized firm.

Actions:

  • Download the report when available.

  • Schedule a call if needed.

3. Task Status Indicators

Each task includes a status badge:

  • Completed (Green) → Task has been finished

  • Pending (Grey) → Task awaiting action

  • Mark as Completed → Button to mark the task finished

  • Mark as Incomplete → Button to revert status if changes are needed

These indicators help users track readiness at each stage.

4. Best Practices for Using the Compliance Roadmap

  • Complete tasks in sequence for optimal progress.

  • Maintain updated documentation and evidence in the Evidence Center.

  • Involve stakeholders early using the Invite Team feature.

  • Utilize cloud integration for automated and accurate evidence.

  • Schedule auditor calls on time to avoid delays in compliance milestones.

5. Summary

The Compliance Roadmap serves as a comprehensive guide for achieving SOC 2 compliance through clearly defined phases, structured tasks, and ongoing progress tracking, organizations can navigate the compliance process with confidence and clarity. The roadmap ensures all necessary activities from initial setup to final audit attestation are completed systematically and efficiently.

PreviousChange PasswordNextDashboard

Last updated