SOC 2 cost calculator.
Pick the inputs that match your context. The calculator returns a year-1 range, year 2 and 3 cost, three-year total, and the line-by-line breakdown. No email is captured. Print the result for a finance committee with the print stylesheet.
- Audit firm fees£13,200 – £24,800
- Readiness and remediation£10,200 – £19,200
- GRC platform£8,000 – £14,000
- Internal time£4,200 – £7,900
How the model works
Five levers move the output: company size band, current security maturity, audit type (Type 1, Type 2, or both), Trust Services Criteria in scope, and whether a GRC platform contract is included. Each lever is calibrated against published auditor pricing, GRC platform tiers, and buyer-reported figures as of April 2026.
The audit fee scales with size and audit type. Each optional Trust Services Criterion adds 18 percent to the audit-fee component. Readiness is a fixed share of the base, adjusted by maturity. Internal time is calibrated at £75 per hour fully loaded. Year 2 and 3 apply the SOC-2-specific full re-audit pattern (no surveillance audit), with reduced internal time.
These ranges aggregate published auditor pricing, GRC platform tiers, and buyer reports as of April 2026. The full sourcing is on the methodology page.
Print and share
The calculator above prints cleanly. Use your browser's print function (Ctrl/Cmd P) to save the scenario as a PDF for a CFO conversation or a finance committee paper. The print stylesheet hides the navigation and footer.
No email gate, no signup, no exit-intent. The result is static when printed, with the input set visible at the top for reproducibility.