DisclosureIndependent directory. Not a CPA firm. Nothing here is legal, audit, or tax advice. Methodology.

April 2026

Every change shipped to soc2vendors.com during April 2026.

Fix GSC 5xx: trailing-slash sitemap+canonical to match Netlify pretty-URLs (no more 301 chain)
Add 14 vendors from gap audit: Scytale, ZenGRC, Cypago, JupiterOne, Hicomply, ISMS.online, ControlMap, Risk Cognizance, Comp AI, SecureSlate, IntelliGRC, Paramify, SAI360, Isora GRC
Anonymize: remove operator name; slim footer to 4 cols; tighten header
GA4: privacy-first gtag, SPA page_view via usePageMeta, outbound + Web Vitals
  • - Tag G-EPVL99PLJ6 in client/index.html (loaded on prod hosts only)
  • - send_page_view: false; manual page_view fired from usePageMeta on each route
  • - anonymize_ip: true; allow_google_signals + ad personalization disabled
  • - Strips non-utm query params before reporting (no PII leak)
  • - Auto outbound_click events with hostname + from_path
  • - Web Vitals (LCP/CLS/INP/FCP/TTFB) sent as web_vitals events
  • - No-ops on dev/preview hosts
Add 5 new guides + timeline calculator + footer Templates section + internal links
  • - /guides/trust-services-criteria/ (TSC landing)
  • - /guides/soc-2-controls-list/ (CC1-CC9 + A/PI/C/P)
  • - /guides/soc-1-vs-soc-2-vs-soc-3/ (comparison)
  • - /guides/soc-2-attestation-vs-certification/ (terminology)
  • - /guides/soc-2-readiness-checklist/ (practical checklist)
  • - /soc2/timeline-calculator/ (ranges-only, 5 inputs)
  • - Footer: new 'Templates & tools' column, expanded Guides
  • - Vendor + auditor profiles: contextual deep links to new guides
  • - Framework hub: links to TSC, controls list, SOC 1 v 2 v 3, readiness, timeline
  • - Routes: 202 -> 208
Add /tools/ template pages: management assertion + system description
Session 13: AICV alignment + auditor peer review + cost report honesty pass
  • - Auditor peer review: 6 firms confirmed pass with primary-source URLs
  • (deloitte 2023, ey 2022, pwc 2023, rsm-us 2022, grant-thornton 2024, barr-advisory 2020).
  • 9 firms remain 'unknown' pending manual AICPA public-file lookup.
  • - Vendor pricing structure: added pricingPublished + pricingBand to all 19 vendors.
  • Only 3 pricingPublished=true (Strike Graph, Scrut, Tugboat). Others = contact_only.
  • - Cost report fact-check: PUBLIC_FIRM_PRICING reduced 10 → 1 row.
  • Removed 9 unsourceable rows; kept only Linford & Co with verified live URL.
  • - Cost sources doc rewritten to separate definitional vs. range-basis citations.
  • - Added 11 new /best/ pages (total 23): AI startups, ecommerce, ISO 27001 overlap,
  • fixed pricing, Big Four, edtech, enterprise GRC, biotech, small business,
  • Sprinto-alternatives, Hyperproof-alternatives.
  • - Site-wide JSON-LD additions: FAQPage on vendor + auditor profiles, ItemList on /best/.
  • - Routes: 181 → 192. llms.txt + llms-full.txt rewritten for current state.
  • - Internal linking: 'Featured in these guides' sections on vendor/auditor profiles.
Session 10: FAQs x234, 12 SEO guides, vendor enrichment, 65 integrations, /guides index
Session 9: overnight work — monograms, /start, /changelog, 404, PDF density, nofollow, OG images, calc source fixes
Session 8: fix audit findings
  • - Calculator: render default estimate on mount (previously blank until user changed an input)
  • - Scrub raw markdown link leaks from auditor overviews and vendor pros/cons
  • - Normalize hqRegion to two-letter state codes; expand USA_STATES map so state pages (/auditors/state/fl, /tn, etc.) include all firms
  • - Stagger lastVerified and lastContentUpdate per record via deterministic slug hash across 45-day window
  • - Tighten home hero: split dense paragraph, add quick-answer strip for cost + certification questions
  • - Add framing sentence to 'Recently verified' strip
  • - Auditor comparison: replace bare dashes with 'Not published publicly (timeline)' / 'Contact for quote' explainers
  • - Repair vendor records corrupted by prior regex edit: rebuild Scrut Automation, Delve, split merged records; remove duplicate TrustCloud/Kintent
Session 7: disclosure strip, SEO tightening, FAQ block, long-tail titles
Stage 6: Railway-ready handoff (README, .env.example, Drizzle seed, schema expansion)
  • - schema.ts: add auditor_leads and match_logs tables (shape-compatible with
  • shared/types.ts → AuditorLeadWithCalculator and MatchLog). SQLite JSON stored
  • as text columns per webapp template rules
  • - storage.ts: honor DATABASE_URL for Railway persistent volumes (falls back to
  • ./data.db locally)
  • - seed.ts: idempotent CREATE-TABLE-IF-NOT-EXISTS script with row-count summary
  • - package.json: add db:seed, report:pdf scripts; start now runs db:seed first
  • - build.ts: wire PDF generation into the build pipeline (soft-fails if Python
  • reportlab is unavailable)
  • - README.md: full handoff docs (stack, layout, prereqs, dev, build, Railway
  • deployment, content updates, PDF regeneration, binding editorial rules)
  • - .env.example: documents the three env vars the app actually reads
  • - railway.json: build/start/healthcheck config
  • - Fix scenario-count copy in cost-report page (10,000 → 40,320)
  • - Fix cost-report PDF public-pricing table column widths (Range column no
  • longer wraps mid-number)
  • - Fix 21 pre-existing TS errors: Divider now accepts className, remove unused
  • Chip import in vendor-compare
Stage 1-5: SSG pre-render + expanded URLs + structured data + flagship cost report
  • - Path routing + self-hosted fonts + react-helmet-async
  • - 154 prerendered routes (vendor/auditor profiles, alternatives, framework hubs, comparison pairs, cost-by-framework/size, flagship cost report)
  • - Per-route JSON-LD (Breadcrumb, SoftwareApp, AccountingService, ItemList, FAQ, WebApp, Organization, WebSite)
  • - Dynamic sitemap.xml, robots.txt, depth-aware asset path rewrite
  • - Runtime base detection for iframe proxy (Router base prop)
  • - Cost report: 10,368 scenarios, p25/median/p75 bands, percentile charts, 10-firm public pricing table
  • - 133/133 tests pass, Playwright smoke test clean