I think we're in quite a bit of agreement.. sometimes the SOC2 review exposes gaps and you need to find a way to close them -- where do you look for critical path on that?

Also, SOC2 audits are sometimes coupled with more strenuous ones, so in the umbrella of audit season, you may have to demonstrate things, or records of things.