by softwarefounder 2099 days ago
Yes. We're undergoing this now, and it's a very involved process that should not be undermined.

We've looked into companies that help with this stuff, and usually it's around 50k to get set up, and a minimum of 20-30k annually to get "re-certified" with a SOC2 report.

There's a newer SaaS company that claims to help with this sort of stuff called Vanta. Haven't looked into them, but I've been meaning to. https://www.vanta.com/

Please understand that it's almost irrelevant whether your cloud provider has a SOC2 report. SOC2 reports are centered around your internal processes, your organizational procedures, how you store and protect data, etc.