This is a great point, getting a checklist of your problems to fix and a way to project manage certain pieces of the process isn’t solving the real problem. Also many of these tools don’t give you great insight into where you stand going into your audit or in between your annual audits.

A newer tool that I’ve heard great feedback on is Drata. They’re more focused on automation and continuous evidence collection.

I think this depends on your internal resources. TugBoat and Laika are more project management tools, a great question to ask is if you integrate with my Infrastructure, how many controls within the SOC2 framework are you actually automating. Vanta has been around awhile but I’ve heard mixed feedback from auditors as well as companies that use the tool. I’d recommend looking into Drata, they have the most automation and great auditor relationships. Happy to provide an intro to one of their audit partners that I used to work with to learn more from their perspective.