F2 First SOC 2 Navigator
Startup SOC 2 search page

Use SOC 2 in-progress wording that says what is real today.

Draft precise SOC 2 in progress wording for startup security pages, questionnaires, and buyer updates without implying certification is complete.

Complete triage

Say status, not outcome

Good in-progress wording separates current readiness from future audit outcome: the team has started readiness or an audit path, named the intended Type I or Type II target, assigned owners, and can share the evidence already available. It should not say certified, compliant, passed, or attested until the report exists.

Attach the facts a buyer can inspect

A buyer is usually looking for confidence, not a slogan. Pair the status line with scope, target timing, control owners, current evidence categories, compensating controls, and the person responsible for security follow-up.

Use the Navigator before publishing

Complete the readiness triage, export the owner matrix and evidence examples, then turn those facts into a short questionnaire answer or security-page paragraph. The wording is stronger when it comes from the current owner plan instead of a generic template.

Keep review boundaries explicit

Have the final public language reviewed internally and, where appropriate, by the auditor or counsel. This page provides preparation language and structure, not legal advice, auditor attestation, or a SOC 2 certification claim.

Avoid risky badge language

Do not place a completed SOC 2 badge, report availability claim, or customer assurance statement beside in-progress wording unless the supporting report and disclosure process actually exist.

Related search paths

Keep the first audit decision connected.

SOC 2 readiness statement for startups Startup team asked for a readiness statement, audit status note, or SOC 2 plan during procurement. SOC 2 trust page for startups before certification Startup building a security or trust page because buyers ask about SOC 2 before the report is available. Security questionnaire SOC 2 answers for startups Founder or sales engineer answering a security questionnaire that asks for SOC 2, SSO, MFA, logs, vendors, incidents, and audit status.
Readiness boundary

Founder-grade readiness guidance, not an auditor opinion.

Can a startup say SOC 2 is in progress?

It can describe a truthful readiness or audit process, but it should avoid saying certified, compliant, attested, or passed until the report exists and the disclosure process is approved.

What should SOC 2 in-progress wording include?

Include the current phase, intended report type, target timing if known, controls being prepared, owner accountability, and what evidence can be shared today.

Does this wording replace auditor or legal review?

No. It helps prepare a factual draft that an internal owner, auditor, or counsel can review before publication.

Use the Navigator to align scope, owners, and evidence before auditor review. This is founder-grade readiness guidance, not legal advice, auditor attestation, or a SOC 2 certification. Do not enter secrets, customer records, private keys, or legal conclusions.