← All guides
Product5 min read13 July 2026

ComplyKit Adds FCA Consumer Duty Checklist and SOC 2 Type II Readiness — Now 102 Free Generators

ComplyKit hits 102 free compliance generators with two new additions: an FCA Consumer Duty Compliance Checklist (42 items, PRIN 2A / PS22/9) and a SOC 2 Type II Readiness Assessment (42 items, evidence collection, audit period monitoring).

102 free compliance generators — no account required

ComplyKit now offers 102 free compliance generators, covering GDPR, SOC 2, HIPAA, EU AI Act, NIS2, DORA, PSD2/PSD3, ISO 27001, FCA, CSRD, and more. Today's additions: an FCA Consumer Duty Compliance Checklist and a SOC 2 Type II Readiness Assessment.

New: FCA Consumer Duty Compliance Checklist (101st)

The FCA Consumer Duty Compliance Checklist is a 42-item gap assessment covering all four Consumer Duty outcomes (PRIN 2A / PS22/9), governance, and monitoring:

  • Products & Services (PRIN 2A.3): 7 items — target market definition, product governance, outcome testing, foreseeable harm, closed book assessment
  • Price & Value (PRIN 2A.4): 7 items — fair value assessment, value chain analysis, fee benchmarking, add-on product assessment, renewal pricing (PS21/5)
  • Consumer Understanding (PRIN 2A.5): 7 items — communications review, comprehension testing, financial promotion compliance, digital dark patterns, vulnerable customer communications
  • Consumer Support (PRIN 2A.6): 7 items — accessible support, exit processes, vulnerable customer identification (FG21/1), complaint root cause, claims outcomes
  • Governance & Board Accountability: 7 items — annual board attestation (PRIN 2A.2.18R), SM&CR Consumer Duty champion, MI framework, distributor/manufacturer information sharing
  • Monitoring & Remediation: 7 items — outcome monitoring programme, FCA reporting obligations, proactive remediation, IA assurance, portfolio letter action

The tool generates a 12-section FCA Consumer Duty Compliance Assessment including a per-outcome scorecard, critical gap cards with PRIN 2A references, fair value assessment framework deep dive, consumer understanding and vulnerable customer guidance, and a phased remediation roadmap.

Who it's for: CCOs, compliance teams, Senior Managers (Consumer Duty champions), product and commercial teams at FCA-authorised firms, and compliance consultants.

New: SOC 2 Type II Readiness Assessment (102nd)

The SOC 2 Type II Readiness Assessment is a 42-item assessment specifically designed for the Type II observation period — the area where most companies underestimate the work required. It covers:

  • Evidence Collection & Audit Trail: 7 items — evidence collection plan, population lists, automated collection, quarterly reviews, auditor format preferences
  • Access Controls & User Lifecycle (CC6): 7 items — quarterly access reviews, JML process, PAM, MFA enforcement, separation of duties, service accounts, physical access
  • Change Management & SDLC (CC8): 7 items — change tickets for every deployment, code review, dev/prod separation, SAST/DAST in CI/CD, emergency change process
  • Continuous Monitoring & Incident Response (CC7): 7 items — SIEM operations, vulnerability management, incident response invocation, penetration testing, backup restore tests, security training
  • Risk Management & Vendor Due Diligence (CC3, CC9): 7 items — risk assessment, vendor programme, sub-service organisation reports (AWS/GCP/Azure CUECs), DPAs, BCP/DR testing
  • Policies & Organizational Controls (CC1, CC2): 7 items — policy review cycle, employee acknowledgements, background checks, encryption evidence, asset inventory, data classification

The generated report includes a 12-section SOC 2 Type II Readiness Assessment: AICPA sampling methodology explained, per-domain scorecard, critical evidence gap cards with TSC criterion references (CC6.1, CC8.1 etc.), deep dive on evidence collection strategy and AICPA sampling windows, deep dive on access control sampling and quarterly reviews, and an audit preparation timeline from T-6 months to final report.

Who it's for: SaaS engineering and security teams preparing for their first Type II audit or renewing, CTOs and founders evaluating Type I → Type II upgrade paths, compliance consultants managing SOC 2 programmes.

Browse all 102 generators

Browse all 102 free compliance generators at /generate — covering GDPR/CCPA, SOC 2 (gap assessment, Type II readiness, evidence pack, system description, vendor DDQ), ISO 27001, HIPAA, EU AI Act, NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, APRA CPS 234, and more. No account. No credit card. No paywall.