Hi HN, I’m working on a SOC 2 readiness platform and wanted to get perspectives from people who’ve actually been through SOC 2, either in-house or while helping other companies.

From what I’ve seen, teams still struggle most with task planning over time, follow-ups, and turning evidence into something that’s actually audit-ready. Many end up with a mix of spreadsheets, shared folders, and last-minute report building, even when they’re using dedicated tools.

I’m curious:
- Where did SOC 2 preparation break down most for you?
- What parts felt overly manual or fragile?
- If you’ve used tools like Vanta, Drata, or others, what did they do well and what didn’t they?

I recently launched a new version of a platform I’m building (https://www.lumoar.com) that focuses on automating task scheduling and generating pre-audit / gap analysis reports directly from controls and evidence, but I’m more interested in learning where the real gaps still are.

Would appreciate any candid experiences or advice.