SOC 2

SOC 2 AI control mapping.

TrustScope provides strong evidence coverage for monitoring, control activity, and change-management criteria tied to AI runtime behavior.

Last verified mapping date: February 19, 2026

ControlRequirementStatusTrustScope Evidence
CC4.1Monitoring activitiesReadyContinuous detection logs and alert history
CC5.1Control activitiesReadyPolicy evaluation and enforcement receipts
CC5.2Technology controlsReadyRuntime guardrail and budget policy execution logs
CC6.1Logical accessPartialTrustScope RBAC + customer IAM evidence needed
CC6.2Access provisioning / deprovisioningPartialCustomer identity lifecycle controls required
CC8.1Change managementReadyConfiguration history and policy version trails
CC9.1Risk mitigationReadyExposure scoring, incidents, and response timelines
CC9.2Vendor managementCustomerOrganizational process outside TrustScope scope

Evidence, not compliance determination

TrustScope provides governance evidence, not compliance determinations. SOC 2 conclusions require qualified audit review.

Start Free