If you are considering a SOC 2 Readiness Assessment, now is the time to think critically about what you want out of that process. Most companies pursuing a SOC 2 Readiness Assessment see it as their smooth on-ramp into a full SOC 2 examination. And, they see it as a way to preemptively identify and resolve any major gaps in their security program.
In almost any imaginable case, that approach is dramatically better than getting knee-deep into an audit and discovering that you have a huge pile of urgent remediations that you need to take care of in order to obtain a clean SOC 2 report (an "unmodified opinion"). If you find yourself discovering major SOC 2 shortcomings during an audit, something went very wrong during your readiness effort.
So, SOC 2 Readiness Assessments are a good thing, right? Yes. But only if you pick one that is rooted in TSP Section 100.