Code-level first pass against the SOC 2 Trust Services Criteria — logical access, change management, monitoring, incident recovery, and data lifecycle controls an auditor will actually test, checked from your repo before you pay for the real audit.