Explore the Readiness IQ checklist library, practical guides designed to help modern tech-enabled teams prepare for SOC 2, security reviews, and customer due diligence.
These checklists break down complex readiness requirements into clear, actionable steps, from risk assessments and vendor reviews to onboarding, incident response, and ongoing compliance discipline.
You can preview and download each checklist instantly. Inside Readiness IQ, these same readiness activities can also be scheduled, assigned, and tracked over time as part of your compliance calendar.
This checklist helps you implement a repeatable process to review and validate employee, contractor, and vendor access to systems and data. Regular reviews improve security posture and prepare you for audits.
This calendar provides a structured, annual plan to stay audit-ready under the SOC 2 Security trust criteria. Activities are spread throughout the year to reduce operational disruption and ensure continuous compliance.
A formal risk assessment helps identify potential threats to your organization's operations, systems, and data. This annual checklist ensures you’re meeting core SOC 2 requirements while keeping your risk management process structured and auditable.
This risk assessment questionnaire will kick-start your process for identifying threats across people, technology, and process. Include these Security Trust Services Criteria-focused questions in your next internal risk assessment to support tracking and mitigation.
Use this questionnaire to assess the third-party vendors your company relies on. It is especially important for vendors that process, store, or access customer data. Request that vendors complete it annually to demonstrate continued compliance with your expectations for confidentiality, security, and operational integrity.
This checklist helps you establish a reliable asset inventory and lifecycle process for hardware, software, and cloud-based resources. Proper asset management supports access control, incident response, and audit readiness — and is required for SOC 2, ISO 27001, and other frameworks.
Business Continuity Planning is about ensuring that your company can continue operating essential business functions—like customer service, sales, support, and billing—during and after unexpected disruptions (e.g., cyberattacks, pandemics, supply chain issues, leadership outages).
Use this checklist to document the potential consequences of outages or compromises to your critical systems and processes.
Disaster Recovery Planning is about restoring your technical systems and infrastructure—cloud services, databases, source code, and access controls—after events like data loss, ransomware, service outages, or accidental deletion.
Use this checklist to ensure every departing team member is properly offboarded from a security and compliance perspective.
Use this checklist to ensure every new hire is properly onboarded from a security and compliance perspective. These steps help reduce risk, meet SOC 2 and ISO 27001 expectations, and support your overall security posture.
A risk appetite statement describes how much risk an organization is willing to accept in pursuit of its business goals.
Use this risk register template to document and monitor activities captured during the annual risk assessment process. A documented formal risk assessment helps identify potential threats to your organization's operations, systems, and data.
Security awareness training helps your team become the first line of defense against threats. This checklist ensures every team member understands key risks, knows how to respond, and meets baseline compliance expectations for frameworks like SOC 2.
Security incidents can disrupt operations, damage trust, and risk regulatory violations. This checklist ensures your team is prepared to detect, contain, respond to, and recover from security incidents efficiently and in compliance with SOC 2 and other frameworks.
Use this checklist to prepare for a SOC 2 audit focused on the “Availability” Trust Services Criteria (TSC). For each control, ensure you have the proper evidence and corresponding policy in place.
Use this checklist to prepare for a SOC 2 audit focused on the “Confidentiality” Trust Services Criteria (TSC). For each control, ensure you have the proper evidence and corresponding policy in place.
Use this checklist to prepare for a SOC 2 audit focused on the “Privacy” Trust Services Criteria (TSC). For each control, ensure you have the proper evidence and corresponding policy in place.
Use this checklist to prepare for a SOC 2 audit focused on the “Processing Integrity” Trust Services Criteria (TSC). For each control, ensure you have the proper evidence and corresponding policy in place.
Use this checklist to prepare for a SOC 2 audit focused on the "Security" Trust Services Criteria (TSC). For each control, ensure you have the proper evidence and corresponding policy in place.
Use this guide to plan and run regular tabletop drills aligned with your SOC 2, ISO 27001, or general risk management practices.
This scenario simulates a major outage affecting your primary cloud provider (e.g., AWS, Azure, GCP) and is intended for SaaS companies with remote teams and cloud-hosted infrastructure.
Use this checklist to evaluate new and existing vendors for potential security, compliance, and operational risks. Third-party risk assessments are a core part of SOC 2, ISO 27001, and general cybersecurity hygiene. Documenting these steps will help demonstrate due diligence during audits.
Checklists show what needs to be done. Readiness IQ helps you schedule activities, assign ownership, and track completion over time, so nothing gets missed and your team stays audit-ready.