The SOC 2 Field Manual

The deepest lessons from years of SOC 2 audit fieldwork.

AI-Native

Will AI make SOC 2 prep tools obsolete?

AI agents can now do the prep work a compliance subscription used to sell. What gets cheap, and what doesn't.

Jun 13, 2026
AI-Native

Can a once-a-year audit keep up with AI?

Snapshots and samples were workarounds for the cost of looking. AI collapsed that cost. What independent verification looks like next.

Jun 11, 2026
Choosing an Auditor

Does the name on your SOC 2 report matter?

The famous logo is a stand-in for what the report will not show you. Here is how to read past it.

Jun 10, 2026
Audit Quality

Why can't an auditor just take your word?

The rules make the auditor inspect the real evidence, not just ask. A green checkmark is not proof.

Jun 6, 2026
Audit Quality

What does a SOC 2 mock exam catch?

A real auditor runs the real procedures early, so you fix gaps in days.

Jun 5, 2026
The Basics

Is 'SOC 2 compliant' even a thing?

There is no SOC 2 certificate. It is a CPA opinion, not a status.

Jun 4, 2026
Choosing an Auditor

Why does a CPA audit your security?

A SOC 2 is assurance, not accounting. The person who signs is the point.

Jun 2, 2026
AI-Native

Do you still need integrations?

Platforms brag about 400+ integrations to pull your evidence. An AI agent can already reach anything on your systems.

May 30, 2026
The Basics

Can you get SOC 2 without a compliance platform?

The report comes from a CPA. The subscription is optional.

May 26, 2026
Choosing an Auditor

Is a cheap SOC 2 audit a real audit?

Price isn't the tell. What the auditor actually did is.

May 19, 2026
Choosing an Auditor

How to verify your auditor is a real CPA

Two steps to confirm your SOC 2 auditor is a licensed CPA.

May 12, 2026
Audit Quality

What is vibe compliance?

Compliance that looks finished on paper but was never tested.

May 2, 2026
Audit Quality

What is a stamp audit?

How box-checking audits happen, and how to spot one.

Apr 25, 2026
Audit Quality

What a first-time audit actually finds

The gaps a first-time SOC 2 turns up almost every time.

Apr 18, 2026
The Basics

Can a solo founder pass SOC 2?

How a one-person company passes, and how controls get right-sized.

Apr 11, 2026
The Basics

Who actually signs your SOC 2 report?

The report is a CPA's signed opinion, not the platform's output.

Apr 4, 2026