How RateMySOC Works
A practical guide to understanding your SOC maturity score — methodology, categories, scoring bands, and 2026 context.
What Is SOC Maturity?
SOC maturity describes how systematically and effectively an organisation detects, investigates, and responds to cyber threats. Higher maturity means faster detection, lower mean-time-to-respond, and greater resilience against sophisticated adversaries.
No formalised monitoring or incident response. Security events are addressed ad-hoc and only after significant impact. No centralised logging or defined playbooks.
Foundational monitoring and alerting in place. Centralised logging, basic SIEM use, documented IR procedures, and regular vulnerability scanning. Coverage may not be 24×7.
Proactive threat hunting, behavioural analytics, EDR/XDR deployment, and threat intelligence integration. MITRE ATT&CK-aligned detections, red/purple team exercises.
Full SOAR automation, in-house malware analysis, digital forensics capability, AI-augmented operations, and robust APT/nation-state detection. Continuous adversary simulation.
The Four Assessment Categories
The assessment is divided into four domains, each targeting a distinct dimension of SOC capability. Every question is scored 0 – 4 based on current implementation depth.
Basic SOC Capabilities
7 questions
Covers 24×7 monitoring, SIEM deployment, centralised log management, incident response plans, vulnerability management, alert triage, and escalation procedures.
Advanced SOC Capabilities
7 questions
Assesses threat hunting programmes, user and entity behavioural analytics (UEBA), EDR/XDR coverage, threat intelligence platforms, MITRE ATT&CK integration, and red/purple team exercises.
Expert SOC Capabilities
7 questions
Evaluates SOAR/playbook automation, in-house malware analysis, digital forensics, AI-augmented detection, deception technology, and detection engineering maturity.
SOC Operations & Resources
6 questions
Reviews staffing levels, analyst training and certification, tool coverage, budget adequacy, documentation quality, and KPI/metrics programmes (MTTD, MTTR).
How Scoring Works
Each of the 27 questions is scored from 0 (capability absent) to 4 (fully implemented and optimised), giving a maximum possible score of 108 points. Your percentage score maps to one of four maturity bands.
| Score % | Points | Maturity Level |
|---|---|---|
| < 25% | 0 – 26 | Below Level I |
| 25 – 49% | 27 – 53 | Level I |
| 50 – 74% | 54 – 80 | Level II |
| ≥ 75% | 81 – 108 | Level III |
Important: Your score reflects current, demonstrable capabilities — not planned initiatives or aspirational targets. Be conservative: partial implementations should be scored at the level actually in production use.
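The scoring rule above, as an added example that is not RateMySOC's own code: it validates the 7/7/7/6 answer counts, totals the points out of 108, and maps the result to a maturity band using the table's thresholds. The answer-object shape, key names and function names are assumptions.

```javascript
// Added example, not RateMySOC's own code. Question counts and bands come from
// the page; the key names and the answer-object shape are assumptions.
const CATEGORIES = {
  basic: 7,       // Basic SOC Capabilities
  advanced: 7,    // Advanced SOC Capabilities
  expert: 7,      // Expert SOC Capabilities
  operations: 6,  // SOC Operations & Resources
};
const MAX_PER_QUESTION = 4;

// Bands from the scoring table as [minimum percentage, label], highest first.
const BANDS = [[75, "Level III"], [50, "Level II"], [25, "Level I"], [0, "Below Level I"]];

function bandFor(points, maxPoints) {
  // Compare integers (points*100 vs pct*max) so boundary scores such as
  // 27/108 = 25% are never misplaced by floating-point rounding.
  return BANDS.find(([pct]) => points * 100 >= pct * maxPoints)[1];
}

function scoreAssessment(answers) {
  let total = 0, max = 0;
  const sections = {};
  for (const [name, count] of Object.entries(CATEGORIES)) {
    const scores = answers[name];
    if (!Array.isArray(scores) || scores.length !== count) {
      throw new RangeError(`${name}: expected ${count} answers`);
    }
    if (!scores.every((s) => Number.isInteger(s) && s >= 0 && s <= MAX_PER_QUESTION)) {
      throw new RangeError(`${name}: answers must be integers from 0 to 4`);
    }
    const points = scores.reduce((a, b) => a + b, 0);
    const sectionMax = count * MAX_PER_QUESTION;
    sections[name] = { points, max: sectionMax, percent: Math.round((points / sectionMax) * 100) };
    total += points; max += sectionMax;
  }
  // Lowest-scoring section by percentage (first one wins on a tie).
  const weakest = Object.keys(sections).reduce((a, b) => (sections[b].percent < sections[a].percent ? b : a));
  return { total, max, percent: Math.round((total / max) * 100), level: bandFor(total, max), sections, weakest };
}

// Constructed sample answers: strong basics, thin expert-level coverage.
const sample = {
  basic: [4, 3, 4, 3, 3, 4, 3],
  advanced: [2, 2, 3, 1, 2, 2, 1],
  expert: [1, 0, 1, 0, 0, 1, 0],
  operations: [3, 2, 2, 3, 2, 2],
};
console.log(scoreAssessment(sample));
```

The sample totals 54 of 108 points, which sits exactly on the 50% boundary and therefore lands in Level II.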
2026 Context
The threat landscape and regulatory environment have shifted significantly. RateMySOC is updated to reflect the priorities security operations teams face right now.
AI & Agentic SOC Platforms
AI-driven alert triage, autonomous playbook execution, and agentic security co-pilots are rapidly becoming differentiators. Questions reflect adoption of these capabilities.
GenAI-Assisted Threat Hunting
Large language models are now used for log summarisation, hypothesis generation, and natural-language query of SIEM data. The assessment gauges awareness and adoption.
Identity-First Security (ITDR)
Identity Threat Detection & Response has emerged as a critical layer. Questions cover MFA, privileged access management, and identity anomaly detection.
Software Supply Chain Risk
Post-SolarWinds and XZ Utils, software supply chain monitoring is now a baseline expectation for mature SOCs — covering SBOMs, dependency scanning, and build pipeline integrity.
Regulatory Landscape
SEC cyber disclosure rules, NIS2, DORA, and CISA guidelines all carry direct SOC maturity implications. The assessment references these where relevant.
Frequently Asked Questions
- Is my data stored anywhere?
  No. RateMySOC is entirely client-side. Your answers and results are stored in your browser's localStorage and never transmitted to any server. Clearing your browser data removes all stored information.
- How long does it take?
  Most assessors complete all 27 questions in 10 – 15 minutes. You can pause at any time — your answers are saved automatically in the browser.
- Who is this tool designed for?
  Security leaders including SOC managers, CISOs, security architects, and management consultants conducting maturity reviews. It is also useful for security analysts who want to benchmark their organisation.
- Can I export my results?
  Yes. After completing the assessment, a PDF export button is available on the results page. The PDF includes your score, maturity level, section breakdowns, and prioritised recommendations.