# SOC 2 readiness checklist

1. Access control: MFA, SSO, privileged access review, and joiner/mover/leaver evidence.
2. Change management: branch protection, deployment approvals, release notes, and rollback evidence.
3. Vendor risk: DPA/SOC evidence, owner, renewal date, data categories, and review cadence.
4. Incident response: escalation path, tabletop evidence, postmortem template, and customer notice boundary.
5. Evidence packet: source timestamp, collector version, reviewer, expiry, and export format.

Generated by PrivaBase. This template is educational and not legal advice.