Compliance Report
Sample control-mapping report showing readiness status across an active compliance program.
Compliance Report
Prepared for: Sample Client Environment
Illustrative data for demonstration purposes only
Scope
- • SOC 2 Type II Trust Services Criteria: Security, Availability
- • Control period: January 1 – June 30, 2026
Executive Summary
Of 64 in-scope controls, 61 are operating effectively with evidence collected across the full observation period. Three controls (vendor risk reassessment cadence, quarterly access review, and backup restoration testing) showed evidence gaps in one or more months and require remediation before the Type II observation period concludes.
64
Controls In Scope
61
Operating Effectively
3
Evidence Gaps
95%
Readiness Score
Control Gaps Identified
- • Quarterly access review missed in April due to owner turnover
- • Backup restoration test not documented for May cycle
- • Vendor risk reassessment overdue for 2 Tier-1 vendors
Remediation In Progress
- • New access review owner assigned with calendar reminders configured
- • Backup restoration testing automated via monthly script with logged output
- • Vendor reassessments scheduled for completion within 2 weeks
Recommendations
- Close all three evidence gaps before the Type II observation period ends to avoid a qualified opinion.
- Automate recurring control evidence collection wherever feasible to prevent future gaps.
- Conduct an internal mock audit 30 days before the external auditor's fieldwork begins.
Want the full report for your environment?
This page shows illustrative sample data. Request a scoped engagement and we'll deliver the real thing for your organization.
Request This Report