FAQ Library

Straight answers for teams getting serious about SOC 2.

This page covers the questions startup teams usually ask before they commit to a compliance workflow: what auditors care about, when readiness work should start, how evidence collection works, and where Liance fits between spreadsheets and heavyweight GRC tooling.

FAQ trail
01 Question
02 Context
03 Decision

What this page covers

  • How SOC 2 readiness works for startup teams
  • Where Liance fits in the audit preparation process
  • Why evidence collection breaks down in spreadsheets
  • How ongoing readiness differs from one-time prep

SEO focus

SOC 2 readiness, compliance evidence collection, startup audit prep, remediation workflows, and continuous audit readiness.

Basics

The shortest path to what Liance is and is not.

01

What is Liance?

Liance is a compliance readiness workspace for startup teams preparing for SOC 2. It helps organize evidence, map proof to controls, surface missing work, and keep audit readiness from drifting between reviews.

02

Who is Liance built for?

Liance is built first for B2B startups, especially teams handling SOC 2 for the first time or trying to keep renewal cycles cleaner without hiring a full internal compliance team.

03

Is Liance the auditor?

No. Liance is not the independent auditor issuing the SOC 2 report. It supports readiness work by keeping evidence, control context, and remediation work in one operating layer before the formal audit.

04

Does Liance replace a full enterprise GRC suite?

Not on day one. Liance is meant for the middle ground where spreadsheets and manual evidence collection are no longer enough, but a heavyweight GRC rollout still feels excessive for the stage of the company.

Workflow

How evidence, controls, and remediation work together.

01

How does Liance help with SOC 2 readiness?

Liance pulls together evidence like cloud settings, access records, screenshots, policy artifacts, and follow-up tasks into a single reviewable workflow. That makes it easier to see what is covered, what is missing, and what needs human review before audit week.

02

What kind of evidence can Liance organize?

The product is designed around the proof teams already chase manually: access records, infrastructure settings, screenshots, policy documents, task ownership, and context that helps explain why a control is actually satisfied.

03

Can Liance create remediation tasks for missing controls?

Yes. One of the core goals is to turn unclear compliance gaps into owned next steps with clear actions, owners, and deadlines so they do not remain vague blockers until the last minute.

04

Can Liance help with auditor questions and security reviews?

Yes. Liance is designed to draft answers from grounded evidence so teams have a cleaner starting point for auditor conversations and customer security reviews instead of rebuilding context every time.

Integrations

Which systems matter and why manual proof still shows up.

01

Which systems matter most for first-time SOC 2 work?

For many startup teams, the first systems auditors ask about are cloud infrastructure, source control, identity and access records, collaboration tools, and issue tracking. That is why the product story starts around tools like AWS, Azure, GitHub, Google Workspace, Slack, Jira, and Okta.

02

Does Liance replace screenshots and manual evidence entirely?

Not always. Some controls still need screenshots, human confirmation, or supporting notes. The point of Liance is to make that manual proof easier to collect, connect, and review instead of leaving it scattered across folders and chat threads.

Timing

When startup teams should start and how readiness continues.

01

How early should a startup start compliance work?

Earlier than the sales pressure usually forces it. Teams often wait until a large prospect asks for proof, but readiness is much smoother when evidence collection and control ownership begin before the scramble starts.

02

Can Liance help after the first audit as well?

Yes. The value is not only getting ready once. The longer-term value is staying ready as people join or leave, systems change, policies age, and evidence needs to be refreshed over time.

Trust

Why teams outgrow spreadsheets and what changes next.

01

Do customers need their own SOC 2 before using Liance?

No. Many early customers will be using the product precisely because they are preparing for SOC 2 or building a cleaner readiness process before they formalize their first audit.

02

Why not just manage compliance in spreadsheets and shared folders?

Small teams can start there, but the process usually breaks once evidence lives across screenshots, exports, docs, emails, and Slack threads. Liance exists to reduce that fragmentation and make readiness easier to maintain.