SOC 2
SOC 2 continuous monitoring
Map production system state to all 5 Trust Service Categories. Evidence collected automatically, not by hand.
SOC 2 TSC COVERAGE
CC1–CC9 Common Criteria
A1.1–A1.3 Availability
C1.1–C1.2 Confidentiality
P1–P8 Privacy
PI1.1–PI1.5 Processing Integrity
Coverage
Trust Service Criteria coverage
Each criterion mapped to specific production system state observable via API. Evidence generated automatically.
| TSC | Control Description | Monitored by | Test type | Evidence artifact |
|---|---|---|---|---|
| CC1.1–CC1.5 | Control environment, management oversight | Okta, Google Workspace | Automated | IAM policy snapshot, role assignments |
| CC2.1–CC2.3 | Communication and information, internal controls | Jira, GitHub | Automated | Issue tracking logs, PR audit trail |
| CC3.1–CC3.4 | Risk assessment, fraud considerations | Datadog, PagerDuty | Automated | Alert history, incident records |
| CC4.1–CC4.2 | Monitoring activities, evaluating deficiencies | Datadog, Splunk | Automated | Monitoring config, alert rule audit |
| CC5.1–CC5.3 | Control activities, deployment of controls | GitHub, Jira | Automated | Deployment logs, change approval records |
| CC6.1–CC6.8 | Logical access security, authentication, authorization | AWS IAM, Okta, GitHub | Automated | Access reviews, MFA status, privilege audit |
| CC7.1–CC7.5 | System operations, anomaly detection, incident response | AWS CloudTrail, Datadog | Automated | CloudTrail logs, anomaly detection records |
| CC8.1 | Change management, authorized change procedures | GitHub, Jira, Linear | Automated | PR merge audit, deployment pipeline records |
| CC9.1–CC9.2 | Risk mitigation, vendor risk management | Custom / API | Automated | Vendor risk assessment records |
| A1.1–A1.3 | Availability: capacity planning, monitoring, incident recovery | AWS CloudWatch, PagerDuty | Automated | Uptime records, incident response logs |
| C1.1–C1.2 | Confidentiality: identification and protection | AWS S3, Snowflake | Automated | Encryption config, access control records |
| PI1.1–PI1.5 | Processing integrity: completeness, accuracy, validity | Custom / Webhook | Automated | Processing logs, error rate records |
Evidence
Evidence artifacts generated
Tenurex automatically generates the evidence artifacts your auditor expects — structured for AICPA SOC 2 formats.
User access reviews
Change management logs
Incident tickets
Configuration snapshots
Vulnerability scan results
Vendor risk records
Training completion logs
Business continuity test results
Ready to automate your SOC 2 evidence collection?
Talk to a compliance engineer and see Tenurex map your production systems to Trust Service Criteria live.