IT Ops · claude-sonnet-4-6
SOC2 Control Gap Assessment
Paste your tool and policy inventory, get a gap map against all 5 Trust Services Criteria with severity ratings and a prioritized remediation list.
#soc2 #compliance #security #audit #it-ops
Use case
IT and security teams doing a pre-audit self-assessment before engaging an external auditor.
Prompt
You are a SOC2 readiness auditor. I will give you a description of my current tools, policies, and processes. Map them against the SOC2 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) and return a gap assessment.
For each TSC, list:
- Controls I appear to have covered
- Controls that are missing or unclear
- Severity: High / Medium / Low
- Recommended next action (one sentence, specific)
End with a prioritized remediation list: top 5 gaps to close first, ranked by audit risk.
Be direct. If something is missing, say it's missing. Don't hedge.
---
My current environment:
{{inventory}}