SOC 2 Type II
Your SOC 2 report, 4–6 weeks from now.
SOC 2 is the trust report your enterprise customers ask for. We design the controls around your existing stack, automate evidence collection on AWS / Azure / GCP, draft every required policy, and walk you straight into your auditor's portal — all inside our platform.
What you get
Everything in your SOC 2 program
Built specifically for service organizations and saas.
Trust Services Criteria mapped to your specific tech stack (Security required, plus Availability / Confidentiality / Processing Integrity / Privacy as needed)
Continuous control monitoring — automated tests run hourly across cloud, code, identity, and device tooling
Auditor-ready evidence collected and tagged automatically (no more screenshot scavenger hunts)
All required policies drafted and version-controlled (Information Security, Acceptable Use, Incident Response, Change Management, BCP/DR, Vendor Management)
Quarterly access reviews + vendor inventory + risk assessment workflows
Direct intros to vetted, fixed-fee SOC 2 auditors (we have working relationships)
In-platform auditor portal — your auditor reviews evidence directly, no email back-and-forth
Type I report in ~6 weeks, Type II observation period (3–12 months) starts immediately after
Pricing
Fixed price. No annual contract.
Setup gets you to the report. The retainer keeps you compliant. Cancel any time.
One-time, fixed-fee
- Full SOC 2 program build
- Auditor introductions and prep
- 4–6 weeks to audit-ready
Cancel any time
- Continuous control monitoring
- Quarterly access reviews + risk refresh
- Drift remediation by our team
- Annual re-audit support included
Audit fees paid directly to your auditor (not marked up). We negotiate fixed-fee quotes from our auditor network.
Honest Year-1 estimate
Total Year 1: $55,000–$95,000
FencePencil setup + 12 months of retainer + your auditor invoice. Auditor fees are paid directly to the auditor, never marked up.
- FencePencil setupOne-time, fixed-fee$15,000
- FencePencil retainer × 12$2,500/mo, cancel any time$30,000
- Auditor pass-through (paid to auditor)Industry range for SOC 2 (annual)$10,000–$50,000
- Total Year 1$55,000–$95,000
Note: SOC 2 audits recur annually. We can pass through your auditor invoice or work with our partner network for a fixed-fee quote.
Stack frameworks, save money
Reuse your SOC 2 work across other frameworks
Most controls overlap. Your second framework costs a fraction of the first.
SOC 2 questions, answered
We target ~6 weeks to Type I and start your Type II observation period the same week. Type II requires a 3–12 month observation period (you choose); enterprises typically expect 6 months. We've shipped Type I in as little as 4 weeks for greenfield SaaS on a clean cloud setup.
Type I attests that your controls are designed and in place at a specific point in time. Type II attests they actually operated effectively over a window (3–12 months). Most enterprise customers ask for Type II. If you need to move fast for a specific deal, start with Type I and run Type II in parallel.
Vanta and Drata sell you software and you do the work. We're a managed service — we wire your cloud accounts, write your policies, run your access reviews, and front-line your auditor. You own all the evidence and can switch providers any time; nothing is locked into a SaaS we control.
The audit is a separate fee paid to your auditor (we don't mark it up). Expect $12K–$25K for a Type I and $20K–$40K for a Type II from a reputable mid-market firm — we negotiate fixed-fee quotes from our auditor network so you know the number up front.
Yes — that's what the monthly retainer covers. Continuous control tests, evidence refresh, quarterly access reviews, vendor re-assessments, policy updates, and drift remediation. You stay audit-ready year-round, not just before the next audit.
You own all the evidence, policies, and tooling — they live in your cloud accounts and your repo, not ours. Cancel any time and walk away with everything. We hand you a transition packet and your next provider (or in-house team) picks up where we left off.
Ready to ship your SOC 2?
Tell us your timeline. We'll scope the work, give you a fixed price, and start this week.