SOC 2 cost by company size

The simplest CFO-grade heuristic: per-employee SOC 2 cost. Year 1 is $250-$2,000 per head with smaller teams paying more. Year 2+ drops to $150-$600. Concrete tier-by-tier line items below.

Headline benchmark

Year 1, per employee: $250 - $2,000
Smaller teams pay more per head; economies of scale kick in around 75 FTE

Year 2+, per employee: $150 - $600
Audit fees recur; gap assessment and policy build do not

5-25 employees

Pre-seed / Seed

<$2M ARR

Year 1 total: $20k-$45k
Per employee Y1: $800 - $2k

CPA audit (Type 1 or boutique Type 2): $8k-$22k
GRC platform (entry tier): $5k-$10k
Pen test (basic scope): $3k-$8k
Readiness consulting (light or self-serve): $0-$5k
Tool gaps: $2k-$8k
Engineering opportunity cost: $5k-$15k
Policies, training, legal review: $1k-$4k

25-75 employees

Series A

$2M-$15M ARR

Year 1 total: $35k-$80k
Per employee Y1: $500 - $1k

CPA audit (Type 2, mid-tier): $18k-$38k
GRC platform (mid tier): $8k-$16k
Pen test (standard scope): $5k-$10k
Readiness consulting: $3k-$10k
Tool gaps (SIEM, MDM, scanner): $5k-$15k
Engineering opportunity cost: $15k-$35k
Policies, training, legal review: $2k-$6k

75-300 employees

Series B / C

$15M-$80M ARR

Year 1 total: $60k-$130k
Per employee Y1: $350 - $800

CPA audit (Type 2, mid-tier or national): $30k-$60k
GRC platform (mid-enterprise tier): $12k-$22k
Pen test (multi-target scope): $8k-$18k
Readiness consulting: $8k-$20k
Tool gaps: $8k-$25k
Engineering opportunity cost: $25k-$60k
Policies, training, legal review: $3k-$8k

300+ employees

Late stage / Enterprise

$80M+ ARR

Year 1 total: $90k-$220k
Per employee Y1: $250 - $700

CPA audit (Type 2, national / Big-4): $50k-$100k+
GRC platform (enterprise tier): $15k-$30k
Pen test (multi-target / red-team): $15k-$35k
Readiness + dedicated consultant: $15k-$40k
Tool gaps: $12k-$35k
Engineering opportunity cost: $35k-$80k
Policies, training, legal review: $5k-$15k

Updated 2026-04-28