
Achieving SOC 2 Compliance

Complete SOC 2 Type II certification to unblock enterprise sales and reduce security questionnaire burden.

compliance, security, enterprise, SOC 2

The full NCT chain

Narrative

We've lost three enterprise deals in the last quarter because we can't pass their security review. Our sales team spends 10+ hours per deal answering security questionnaires manually, and the answers are inconsistent. Enterprise procurement teams require SOC 2 Type II as a minimum. Without it, we're disqualified before the product demo. If we achieve SOC 2 certification, we remove the #1 blocker in our enterprise pipeline and save 40+ hours per month on security questionnaires.

Commitment 1

Complete all SOC 2 Type II control implementations and pass the readiness assessment

Tasks
  • Gap analysis against SOC 2 Trust Service Criteria
  • Implement access controls and identity management
  • Set up audit logging across all systems
  • Implement encryption at rest and in transit
  • Document all security policies and procedures
  • Run internal readiness assessment
Commitment 2

Ship a customer-facing security page and a pre-filled security questionnaire

Tasks
  • Create a public security page with compliance details
  • Build a pre-filled security questionnaire template (CAIQ, SIG)
  • Design a trust center page for enterprise prospects
  • Train sales team on how to share security materials
Commitment 3

Select an auditor and begin the SOC 2 Type II observation period

Tasks
  • Research and shortlist SOC 2 auditors
  • Negotiate scope and timeline with selected auditor
  • Schedule kick-off and begin observation window
  • Set up continuous monitoring for audit evidence collection

When to use this

Context

Use this NCT when enterprise deals are stalling or lost due to security requirements, and your sales team is spending significant time on manual security questionnaires. SOC 2 is often the minimum bar for enterprise B2B SaaS.

Analysis

Why this NCT works

The Narrative makes a compliance project feel urgent by tying it to lost revenue and sales efficiency — not just 'we should be compliant.' The Commitments are practical: implement controls, make materials available to sales, and start the audit. The customer-facing security page and questionnaire template create immediate sales value before the audit is even complete.
