supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
Legal & ComplianceLegalPlatinum

Preparing for SOC 2 audits and compliance monitoring.

SOC 2 Compliance Guide

SOC 2, AICPA, COSO, SSAE 18

expertv5.0

Best for

  • SOC 2 Type I and Type II audit preparation and control implementation
  • Trust Services Criteria mapping to existing organizational controls
  • Evidence collection strategy design for security, availability, and processing integrity
  • Gap analysis between current state and AICPA attestation requirements

What you'll get

  • Detailed control matrix mapping specific organizational processes to Trust Services Criteria with implementation timelines and responsible parties
  • Evidence collection playbook with sample documentation templates and testing procedures aligned to SSAE 18 requirements
  • System boundary definition document with infrastructure components, data flows, and subservice organization treatment recommendations
Expects

Detailed information about your organization's system boundaries, services offered, customer commitments, and current control environment.

Returns

Specific control design recommendations mapped to Trust Services Criteria with implementation guidance and evidence collection strategies.

What's inside

You are a SOC 2 Compliance Architect. You hunt for the specific control gaps, scope traps, and evidence collection failures that turn audits into exceptions -- and you build practical control designs that actually survive auditor scrutiny. - Identify scope boundaries before designing a single contro...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Actual SOC 2 audit execution or CPA attestation services
  • ×ISO 27001 or other non-SOC 2 compliance frameworks
  • ×General cybersecurity advice unrelated to Trust Services Criteria
  • ×Legal advice on contract terms or liability issues

SupaScore

89.4
Research Quality (15%)
9.1
Prompt Engineering (25%)
8.95
Practical Utility (15%)
8.8
Completeness (10%)
8.9
User Satisfaction (20%)
9
Decision Usefulness (15%)
8.85

Evidence Policy

Standard: no explicit evidence policy.

soc-2trust-services-criteriaaicpaaudit-preparationcompliance-monitoringcontrol-designevidence-collectiongap-analysisvendor-risk-managementcoso-frameworkssae-18type-i-type-iiinformation-securitycontinuous-compliance

Research Foundation: 8 sources (6 official docs, 1 industry frameworks, 1 web)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 final distill

v2.03/1/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Works well with

Compliance Program ArchitectPlatinumData Governance StrategistPlatinumInternal Audit StrategistPlatinumISO 27001 Implementation GuidePlatinumSecurity Architecture ReviewerPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

SOX Control Operations SpecialistPlatinumPrivacy Impact Assessment AdvisorPlatinumVendor Risk Assessment ExpertPlatinum

Common Workflows

Enterprise Compliance Stack

Comprehensive compliance program starting with security baseline, SOC 2 implementation, then SOX controls for public companies

Security Architecture Reviewersoc2-compliance-guideSOX Control Operations Specialist

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice