Automate SOC 2 quality checks in your vendor assessment workflow. Score reports programmatically, flag low-quality audits, and track vendor compliance over time.
Automatically score SOC 2 reports during vendor intake
Flag low-quality reports before security review
Track vendor SOC 2 quality improvements over time
Get up and running in under 5 minutes with our REST API.
```bash
curl -X POST https://soc2quality.com/api/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@report.pdf" \
  -F "mode=full" \
  -F "webhook_url=https://your-app.com/webhook"
```

Free tier: 1,000 requests/month. Need more? Contact us for enterprise plans.
/api/v1/analyze

Include your API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

| Parameter | Type | Required | Description |
|---|---|---|---|
| file | File | Required | SOC 2 Type 2 PDF file (max 100MB) |
| mode | String | Optional | "private" or "full" (default: full) |
| webhook_url | URL | Optional | Callback URL for async processing |
| include_excerpts | Boolean | Optional | Include report excerpts in response |
```json
{
  "analysis_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "timestamp": "2025-01-26T10:30:00Z",
  "rubric_version": "1.2",
  "overall_score": 72,
  "grade": "C+",
  "summary": {
    "verdict": "Report meets basic requirements but has notable gaps in control specificity and test documentation.",
    "top_issues": [
      "Generic control language without specific tools/systems",
      "12 tests lack sufficient evidence references",
      "3 exceptions documented without remediation plans"
    ],
    "strengths": [
      "Clear scoping definition",
      "Well-documented exception handling process",
      "Comprehensive system description"
    ]
  },
  "categories": [
    {
      "name": "Control Specificity",
      "score": 65,
      "weight": 0.25,
      "weighted_score": 16.25,
      "findings": [...]
    }
  ],
  "report_metadata": {
    "page_count": 45,
    "control_count": 104,
    "test_count": 98,
    "exception_count": 3
  },
  "privacy": {
    "report_deleted_at": "2025-01-26T10:30:45Z",
    "retention_policy": "immediate_deletion"
  }
}
```

/api/v1/rubric

Returns the JSON rubric configuration including all categories, weights, and evaluation criteria. Use this to check if the rubric has been updated.
/api/v1/benchmarks

Returns anonymous statistical data including average scores, percentile distributions, and category breakdowns across all analyzed reports.
Integrate SOC 2 quality checks into your vendor onboarding workflow
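```python
import requests

# Placeholder; load the real key from a secrets manager or environment variable.
API_KEY = "your_api_key_here"


def notify_security_team(vendor_name, message):
    # Placeholder hook: replace with your ticketing or alerting integration.
    print(f"[security-review] {vendor_name}: {message}")


def assess_vendor_soc2(vendor_name, soc2_pdf_path):
    # Upload the report; the context manager closes the file handle afterwards.
    with open(soc2_pdf_path, 'rb') as pdf:
        response = requests.post(
            'https://soc2quality.com/api/v1/analyze',
            headers={'Authorization': f'Bearer {API_KEY}'},
            files={'file': pdf},
            data={'mode': 'full'},
            timeout=120,  # example value; do not let vendor intake hang forever
        )
    # Fail on HTTP errors instead of trying to read a score from an error body.
    response.raise_for_status()
    result = response.json()

    # Route low-scoring reports to the security team for manual review.
    if result['overall_score'] < 70:
        notify_security_team(
            vendor_name,
            f"Low quality SOC 2 (score: {result['overall_score']})"
        )
    return result
```

Simple, transparent pricing for teams of all sizes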
We NEVER store your SOC 2 PDFs. Your reports are processed in-memory, analyzed, and immediately deleted.
PDF Uploaded
Parsed In-Memory
Analysis Performed
Results Returned
PDF Deleted
All data transmitted over secure, encrypted connections
Reports are never written to persistent storage
Reports are processed in memory and immediately discarded
Receive analysis results asynchronously for large files or batch processing
When processing completes, we POST the full analysis result to your webhook URL with an HMAC signature for verification.
X-SOC2-Signature: sha256=HMAC_SIGNATURE
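
A receiver should check the X-SOC2-Signature header before it trusts or parses the callback body. The sketch below is an added example, not code from the API provider. It assumes the signature is a hex-encoded HMAC-SHA256 over the raw request body, keyed with a per-account webhook secret; the page does not state the key, the signed bytes or the encoding. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-SOC2-Signature"  # header name from the docs above


def verify_signature(raw_body: bytes, header_value, secret: bytes) -> bool:
    """Return True only if header_value is 'sha256=<hex HMAC-SHA256 of raw_body>'.

    Assumptions (not stated on the page): the HMAC is keyed with a webhook
    secret, covers the exact raw request bytes, and is hex-encoded.
    """
    if not isinstance(header_value, str):
        return False  # header missing or not a string
    scheme, sep, received = header_value.strip().partition("=")
    if sep != "=" or scheme.lower() != "sha256" or not received:
        return False  # wrong or missing algorithm prefix
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison: does not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def handle_webhook(raw_body: bytes, headers: dict, secret: bytes):
    """Authenticate first, parse second. Returns the analysis dict or None."""
    # HTTP header names are case-insensitive, so match them that way.
    value = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER.lower()),
        None,
    )
    if not verify_signature(raw_body, value, secret):
        return None  # caller should answer 401 and discard the payload
    return json.loads(raw_body)


if __name__ == "__main__":
    # Constructed sample data: the secret and payload are not real values.
    secret = b"example-webhook-secret"
    body = b'{"analysis_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "overall_score": 72}'
    good = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    print(handle_webhook(body, {SIGNATURE_HEADER: good}, secret))
    print(handle_webhook(body + b" ", {SIGNATURE_HEADER: good}, secret))
    print(handle_webhook(body, {SIGNATURE_HEADER: "sha256=00"}, secret))
```

Verify against the bytes exactly as received: re-serializing the parsed JSON before computing the HMAC changes whitespace and key order and makes valid signatures fail.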