# Roadmap

The **Compliance Roadmap** module provides a structured, step-by-step pathway to achieving SOC 2 Type II compliance. It consolidates all required tasks, documentation, and progress indicators into a guided workflow that helps organizations meet compliance objectives efficiently and on schedule.

The roadmap is divided into **four core phases**:

1. **Initial Setup**
2. **Policies Classification**
3. **Evidence Gathering**
4. **Audit**

Each phase contains actionable tasks with clear descriptions, status tracking, and completion options, enabling seamless management of the entire compliance lifecycle.

***

### **Navigating to the Compliance Roadmap**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2FCy4dpcOFvPrkOUzaKLfh%2Fimage.png?alt=media&#x26;token=4ffed888-7e91-4ecc-ba14-7c78606d8780" alt=""><figcaption></figcaption></figure>

To access the Compliance Roadmap:

1. Log in to Socify.
2. From the left navigation menu, select **Road Map** under the **Overview** section.
3. The Compliance Roadmap dashboard will load, displaying your SOC 2 Type II progress and milestones.

***

### **1. Roadmap Header Overview**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2FeHhXcNPbf4fiJSotloav%2Fimage.png?alt=media&#x26;token=973f6f21-1381-40f8-be2f-81a9b4f0b419" alt=""><figcaption></figcaption></figure>

At the top of the Roadmap screen, users will see:

#### **SOC 2 Status Banner**

* Shows whether your roadmap is **On Track**.
* Displays the **Audit Ready Date**.
* Reflects the **completion percentage** of roadmap activities.
* Indicates the number of completed steps out of total steps.
* Provides quick access to the **Audit Vault**.

This banner gives a high-level summary of progress toward SOC 2 audit readiness.

***

### **2. Roadmap Phases**

The Roadmap contains **four structured phases**, each with tasks required for SOC 2 compliance. Users can switch between phases using the horizontal navigation bar.

**Each phase in the Compliance Roadmap includes its own target completion timeline, helping users stay on track and progress through the SOC 2 journey in a structured, time-bound manner.**

***

## **PHASE 1: Initial Setup**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2F8khco5bFFAfX70DP7xFq%2Fimage.png?alt=media&#x26;token=f7581620-f147-4dca-91d5-8582ce25b787" alt=""><figcaption></figcaption></figure>

This phase lays the foundation for the SOC 2 journey. It includes onboarding tasks that prepare the organization for policy setup, evidence collection, and audit workflows.

#### **2.1.1 All About Socify Setup**

Provides an overview of Socify’s features and capabilities.\
**Action:** Watch the introductory video explaining the benefits of automation and reporting.

#### **2.1.2 Connecting Cloud Provider**

Allows integration with your cloud provider for automated evidence syncing.\
**Actions:**

* Click **Connect** to integrate.
* Mark as complete/incomplete as needed.

#### **2.1.3 Scoping Questionnaire**

Defines your organization's environment, systems, and data practices.\
**Action:** Click **Start Scoping** to complete the questionnaire.

Mark as complete/incomplete as needed.

#### **2.1.4 Invite Your Team**

Add team members to assign responsibilities and collaborate on compliance tasks.\
**Action:** Click **Add Members** to invite users.

Mark as complete/incomplete as needed.

#### **2.1.5 Profile Page Completion**

Upload organizational information such as name and logo, required for SOC 2 readiness.\
**Action:** Update your profile, and the task will be automatically marked as completed.

***

## **PHASE 2: Policies Classification**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2FA5IttyUssL6zaR5nmyxq%2FSOC-2-Get-Socify-Automate-SOC-2-Compliance-with-Socify-by-TAC-Security--11-27-2025_05_07_PM.png?alt=media&#x26;token=305cdad5-404a-49cd-8fd4-ab9f1feb22eb" alt=""><figcaption></figcaption></figure>

This phase focuses on organizing and publishing the policies required for SOC 2 compliance.

#### **2.2.1 Design Your Business Policies**

Includes core governance and business policies such as:

* Code of Conduct
* Information Security Policy
* Compliance Procedure
* Compliance Policy

**Action:** Review each policy and ensure it is completed.

#### **2.2.2 Data Management and Classification**

Policies related to data handling and classification:

* Asset Management
* Asset Procedure
* Data Retention Policy
* Data Classification Policy
* Access Control Policy

#### **2.2.3 Setup Your Engineering Policies**

Policies governing secure software development, operations, and availability:

* Network Security Procedure
* Encryption Policy
* Endpoint Security
* Business Continuity Plan
* SDLC Procedure

#### **2.2.4 Security and Governance Policies**

Policies related to physical and environmental safeguards and incident handling:

* Physical & Environmental Security
* Incident Management
* Risk Assessment
* System Acquisition & Development

#### **2.2.5 Auditor Call – Phase 2 Completion**

Allows users to connect with the auditor to finalize tasks for Phase 2.\
**Actions:** Contact your auditor as per the timeline and mark as completed when ready.

***

## **PHASE 3: Evidence Gathering**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2FTdjsD82Mr1SlTiSRvnw5%2Fimage.png?alt=media&#x26;token=f8978e43-1ee0-4c02-b293-0681db51abad" alt=""><figcaption></figcaption></figure>

This phase ensures all required audit evidence is collected, verified, and mapped to appropriate controls.

#### **2.3.1 Check Automated Controls for Cloud**

Displays automated cloud control checks fetched through cloud integration.\
**Actions:**

* Click **Check Now** to review controls.
* Mark the task as completed once validated.

#### **2.3.2 Current Status of Cloud Controls**

Shows the pass/fail distribution of cloud checks with visual indicators.\
This helps identify areas that need remediation.

Mark the task as completed once validated.

#### **2.3.3 Manage Your Evidence Center**

Upload and manage evidence files necessary for SOC 2 compliance.\
Users can add documents from the Evidence Center or map evidence directly to controls.

**Action:** Click **Mark as Completed** after organizing evidence.

***

## **PHASE 4: Audit**

<figure><img src="https://3134867464-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfYMNPzOIv8LNp5TFA4Id%2Fuploads%2F4YmRgaHTZ5HKURrHkXOU%2FSOC-2-Get-Socify-Automate-SOC-2-Compliance-with-Socify-by-TAC-Security--04-16-2026_12_12_PM.png?alt=media&#x26;token=85d0031a-0c33-4ee3-9167-eb3b1f224641" alt=""><figcaption></figcaption></figure>

This phase represents the formal audit period where evidence is reviewed and validated by the auditor.

#### **2.4.1 System Description**

The **System Description** is a key document included in the SOC 2 report. It provides a detailed overview of your system, processes, and controls, and is reviewed by the auditor.

**Actions:**

* Click **Add System Description** to create and submit the document.
* Ensure all system details are accurate and complete.
* Click **Mark as Completed** once the document is finalized.

**Note:**\
The task remains **Pending** until the system description is submitted and ready for audit review.

***

#### **2.4.2 Management Assertion Letter**

The **Management Assertion Letter** is a formal statement prepared by your organization’s management and reviewed by the auditor. It is typically included in the SOC 2 report package.

This letter confirms that:

* Controls are designed appropriately
* Controls are implemented
* Controls are operating effectively during the review period

**Actions:**

* Click **Sample Assertion Letter** to view a reference template.
* Click **Upload File** to submit the signed assertion letter.
* Ensure the document is internally reviewed before submission.

**Note:**\
This is not a standard policy within Socify, but an official audit declaration.

***

#### **2.4.3 Access Audit Vault**

The **Audit Vault** provides centralized visibility into auditor feedback and all evidence mapped to SOC 2 controls. It allows your organization to track review comments, clarifications, and validation status in one place.

This ensures transparency between your organization and the auditor during the audit process.

**Actions:**

* Click **Audit Vault** to review auditor comments and evidence status.
* Verify that all required evidence is submitted and properly mapped.
* Address any feedback or clarification requests from the auditor.
* Click **Mark as Completed** once all interactions are resolved.

**Note:**\
The task remains **Pending** until all auditor feedback is addressed.

***

#### **2.4.4 Testimonial and Feedback**

This section allows your organization to share feedback about your compliance journey with Socify. While not mandatory for certification, it supports continuous improvement.

**Actions:**

* Click **Access** to provide a testimonial or feedback.
* Share insights on implementation, audit readiness, and overall experience.
* Click **Mark as Completed** once feedback is submitted.

***

#### **2.4.5 SOC 2 CPA Attestation**

This is the **final step of the roadmap**, where the SOC 2 report is generated and officially attested by a CPA or authorized auditing firm.

**Actions:**

* Click **Download** to retrieve the SOC 2 report once available.
* Click **Schedule** to arrange a call with support or the auditing team if needed.
* Ensure internal stakeholders receive and review the final report.

**Note:**\
The task status updates once the official report is generated and accessible.

***

### **3. Task Status Indicators**

Each task includes a status badge:

* **Completed (Green)** → Task has been finished
* **Pending (Grey)** → Task awaiting action
* **Mark as Completed** → Button to mark the task finished
* **Mark as Incomplete** → Button to revert status if changes are needed

These indicators help users track readiness at each stage.

***

### **4. Best Practices for Using the Compliance Roadmap**

* Complete tasks in sequence for optimal progress.
* Maintain updated documentation and evidence in the Evidence Center.
* Involve stakeholders early using the Invite Team feature.
* Utilize cloud integration for automated and accurate evidence.
* Schedule auditor calls on time to avoid delays in compliance milestones.

***

### **5. Summary**

The **Compliance Roadmap** serves as a comprehensive guide for achieving SOC 2 compliance through clearly defined phases, structured tasks, and ongoing progress tracking. Organizations can navigate the compliance process with confidence and clarity. The roadmap ensures that all necessary activities, from initial setup to final audit attestation, are completed systematically and efficiently.

