
assisting-with-soc2-audit-preparation

This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill assisting-with-soc2-audit-preparation

88

1.00x

Quality

53%

Does it follow best practices?

Impact

95%

1.00x

Average score across 9 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/soc2-audit-helper/skills/soc2-audit-helper/SKILL.md

Evaluation results

100%

SOC2 Readiness Assessment for a SaaS Startup

SOC2 readiness report structure

| Criteria | Without context | With context |
| --- | --- | --- |
| Compliance status summary | 100% | 100% |
| Areas of concern highlighted | 100% | 100% |
| Environment-specific detail | 100% | 100% |
| Trust Service Criteria coverage | 100% | 100% |
| Vendor risk management gap | 100% | 100% |
| Security training gap | 100% | 100% |
| Remediation guidance | 100% | 100% |
| Prompt findings review | 100% | 100% |
| Report comprehensiveness | 100% | 100% |
| Output files present | 100% | 100% |

Without context: $0.4697 · 4m 10s · 17 turns · 18 in / 9,611 out tokens

With context: $0.5057 · 4m 36s · 22 turns · 21 in / 8,499 out tokens

100%

SOC2 Compliance Tooling Strategy

Security tool integration recommendations

| Criteria | Without context | With context |
| --- | --- | --- |
| Environment-specific gaps | 100% | 100% |
| Compliance status mapped | 100% | 100% |
| Areas of concern called out | 100% | 100% |
| Vulnerability scanner recommendation | 100% | 100% |
| Configuration management tool recommendation | 100% | 100% |
| Integration framing | 100% | 100% |
| Comprehensive security posture view | 100% | 100% |
| Specificity of SOC2 criteria | 100% | 100% |
| Prompt findings action | 100% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.4255 · 4m 11s · 12 turns · 13 in / 9,247 out tokens

With context: $0.6131 · 6m 29s · 28 turns · 320 in / 10,401 out tokens

91%

-5%

SOC2 Continuous Compliance Program

Regular audit review cadence

| Criteria | Without context | With context |
| --- | --- | --- |
| Recurring schedule specified | 100% | 100% |
| Progress tracking mechanism | 100% | 90% |
| New gap identification process | 80% | 70% |
| Findings review process | 100% | 91% |
| Prompt remediation guidance | 100% | 90% |
| Environment-specific controls | 100% | 100% |
| Evidence checklist categories | 100% | 100% |
| Type 2 ongoing evidence focus | 100% | 100% |
| Comprehensive status coverage | 75% | 62% |
| Both output files present | 100% | 100% |

Without context: $0.5354 · 4m 38s · 19 turns · 19 in / 11,269 out tokens

With context: $0.6484 · 6m 49s · 29 turns · 1,150 in / 9,607 out tokens

77%

-1%

SOC2 Type 2 Evidence Package for NovaPay

Evidence gathering automation

| Criteria | Without context | With context |
| --- | --- | --- |
| Environment-specific sources | 100% | 100% |
| Multiple TSC categories | 100% | 100% |
| Specific evidence types listed | 100% | 100% |
| Collection method specified | 100% | 100% |
| Type 2 ongoing framing | 62% | 62% |
| Areas of concern flagged | 20% | 0% |
| Inventory template structure | 100% | 100% |
| Inventory covers multiple domains | 100% | 100% |
| Compliance status context | 12% | 0% |
| Prompt review emphasis | 50% | 75% |
| Both output files present | 100% | 100% |

Without context: $0.5728 · 4m 28s · 18 turns · 19 in / 12,344 out tokens

With context: $0.5990 · 4m 53s · 20 turns · 54 in / 11,933 out tokens

100%

Security Controls Assessment for Cortex Analytics

Security controls mapping to SOC2

| Criteria | Without context | With context |
| --- | --- | --- |
| Environment-specific controls mapping | 100% | 100% |
| Satisfies/partial/gap classification | 100% | 100% |
| Areas falling short identified | 100% | 100% |
| Positive controls acknowledged | 100% | 100% |
| Multiple SOC2 criteria covered | 100% | 100% |
| Healthcare context reflected | 100% | 100% |
| Gap prioritization in summary | 100% | 100% |
| Practical gap descriptions | 100% | 100% |
| Comprehensive compliance status | 100% | 100% |
| Prompt issue addressing | 100% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.4023 · 3m 32s · 15 turns · 15 in / 8,696 out tokens

With context: $0.6634 · 7m 22s · 28 turns · 112 in / 11,379 out tokens

94%

1%

SOC2 Remediation Roadmap for Ironclad Logistics

Remediation steps suggestion

| Criteria | Without context | With context |
| --- | --- | --- |
| All gaps addressed | 100% | 100% |
| Environment-specific remediation | 100% | 100% |
| Critical gaps first | 100% | 100% |
| Remediation approach specified | 100% | 100% |
| Owner role assigned | 100% | 100% |
| 90-day timeline respected | 100% | 100% |
| Prompt issue addressing | 87% | 87% |
| Tracking template structure | 100% | 100% |
| Blockers field in template | 100% | 100% |
| Strengths acknowledged | 25% | 37% |
| Review guidance included | 100% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.3226 · 2m 52s · 12 turns · 12 in / 6,849 out tokens

With context: $0.7692 · 6m 42s · 28 turns · 59 in / 14,221 out tokens

100%

SOC2 Audit Scope Definition for StellarPay

SOC2 audit scope definition

| Criteria | Without context | With context |
| --- | --- | --- |
| Environment-specific system boundaries | 100% | 100% |
| Trust Service Criteria selection | 100% | 100% |
| TSC selection rationale | 100% | 100% |
| Data types and flows | 100% | 100% |
| Out-of-scope exclusions | 100% | 100% |
| Areas of concern flagged | 100% | 100% |
| Preliminary gap awareness | 100% | 100% |
| Compliance strengths acknowledged | 100% | 100% |
| Prompt action guidance | 100% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.3663 · 4m 31s · 13 turns · 14 in / 8,355 out tokens

With context: $0.4238 · 3m 47s · 21 turns · 22 in / 7,199 out tokens

100%

4%

Vendor Risk Assessment for BridgeLend SOC2 Preparation

Vendor risk management for SOC2

| Criteria | Without context | With context |
| --- | --- | --- |
| Environment-specific vendor references | 100% | 100% |
| Vendor risk classification | 100% | 100% |
| Areas of concern flagged | 100% | 100% |
| SOC2 criteria for vendor management | 100% | 100% |
| Evidence gap identification | 100% | 100% |
| Compliance status summary | 100% | 100% |
| Prompt remediation guidance | 100% | 100% |
| Evidence collection guidance | 100% | 100% |
| Multiple evidence categories | 100% | 100% |
| Tool or process integration recommendation | 50% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.4743 · 4m 16s · 18 turns · 19 in / 9,504 out tokens

With context: $0.6012 · 6m 41s · 27 turns · 552 in / 10,838 out tokens

100%

Privacy Controls Assessment for Luminary Health

Privacy TSC compliance assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Privacy TSC mapping | 100% | 100% |
| Environment-specific system references | 100% | 100% |
| Positive controls acknowledged | 100% | 100% |
| Privacy control gaps identified | 100% | 100% |
| Third-party data sharing addressed | 100% | 100% |
| Areas of concern highlighted | 100% | 100% |
| Gaps prioritized | 100% | 100% |
| Actionable remediation steps | 100% | 100% |
| Regulatory context considered | 100% | 100% |
| Prompt review guidance | 100% | 100% |
| Both output files present | 100% | 100% |

Without context: $0.3620 · 4m 3s · 13 turns · 14 in / 8,377 out tokens

With context: $0.5678 · 6m 26s · 22 turns · 105 in / 10,747 out tokens

Evaluated

Agent: Claude Code
Model: Claude Sonnet 4.6
