SOC 2 alignment

Bring AI agents inside your SOC 2 boundary.

SOC 2 is the AICPA attestation that a service organization's controls meet the Trust Services Criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy. When agents take real actions on customer data, they extend your control boundary. Cortex makes that boundary enforceable: scoped identities, change management, fail-closed access controls, and a tamper-evident audit trail the auditor can test.

Aligned with AICPA Trust Services Criteria · CC + A + PI + C + P

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What SOC 2 is

SOC 2 (AICPA Trust Services Criteria), in plain language.

A SOC 2 report is an attestation from an independent CPA firm that your controls are suitably designed (Type I) and operating effectively over a period (Type II). It is organized around the Trust Services Criteria: the Common Criteria (security, CC1-CC9), plus Availability, Processing Integrity, Confidentiality, and Privacy as applicable. SOC 2 is not a checklist you pass once — it is a continuous control program an auditor samples. Agents that read and write customer data sit squarely inside that program. Cortex contributes the access, change-management, monitoring, and logging controls for the agent layer, and — uniquely — makes the audit log itself tamper-evident so the integrity of your evidence is provable.

applies to ▸ United States · service organizations · Trust Services Criteria

The obligations — and how Cortex maps to them

Each requirement becomes an enforced, recorded control.

The Common Criteria turn on access control, change management, monitoring, and audit logging. Cortex enforces each at the agent layer and seals the resulting evidence so a Type II sample finds operating controls.

CC6 · Logical access
  • Agent IAM treats each agent as a governed identity
  • Allowed models / actions / environments per identity
  • Expired or off-allow-list access fails closed (403)
  • RBAC scopes who can change controls and policies
CC7 · Monitoring & audit
  • Hash-chained Trust Ledger logs every gate verdict
  • verifyChain proves the audit log was not altered
  • Control Tower surfaces live anomalies and denials
  • Signed receipts as offline-verifiable evidence
CC8 · Change management
  • Policy-as-Code changes simulated before they ship
  • Golden policy tests gate changes against regression
  • Versioned ontology with draft / publish / rollback
  • Reliability score gates which agent versions publish
Confidentiality & privacy
  • DLP screens data in and out of every tool call
  • Ontology property-level permissions restrict fields
  • Tenant isolation keyed on (tenantId, id) everywhere
  • Retention windows you set, with proof of deletion
Processing integrity
  • Action Fabric: dry-run → propose → approve → execute
  • Compensation / rollback for executed actions
  • Evaluation suites benchmark output quality
  • Datapoint provenance proves outputs trace to sources
The control mapping

From a written obligation to provable evidence.

Every obligation reduces to a fail-closed runtime gate whose verdict lands in a tamper-evident ledger you can hand an examiner. This is the table a Compliance Pack exports for this framework.

ObligationEnforced Cortex controlLedger evidence
CC6 — logical & physical access controlsAgent IAM + RBAC403 on restricted read
CC7 — system monitoring & incident detectionTrust Ledger + Control TowerverifyChain ▸ ok:true
CC8 — change managementPolicy simulate + golden testspassed/total before ship
Availability — resilience & recoveryCost caps + kill switch + SLAs402 over budget
Processing integrity — complete, accurate, authorizedAction Fabric lifecycleexecuted · compensated
Records are complete & tamper-evidentSigned receipts, sealed chainhashOk:false flags edits
Compliance Packs

One-click evidence export, straight from the Trust Ledger.

A SOC 2 Type II auditor samples evidence across the period to test that controls operated. A Compliance Pack maps the Trust Services Criteria to their Cortex controls and exports the sealed run records — and because the ledger is hash-chained, the integrity of the evidence itself is provable.

  • The SOC 2 control map, generated — not assembled by hand
  • Sealed run records you can verifyChain offline
  • Datapoint provenance: every fact threads back to its source
  • Honest by construction — evidence is generated, never asserted
01 · Humanrisk-ops@nw02 · AgentFraud Triage03 · Skilltriage.v404 · Promptsha 0x3a…05 · Policyapprove≥5k06 · Modelclaude-opus07 · ToollookupCase08 · Artifactmemo #447109 · Outcomeapproved10 · Approvalj.lee
Prove it — don't just claim it

The SOC 2 verdicts you'll see in the demo.

These are not slideware promises — they are the literal codes and receipts the runtime returns when you challenge it against this framework's controls.

gate verdicts ▸ SOC 2
Off-allow-list model rejected403 MODEL_NOT_ALLOWEDenforced
Change blocked by failing testtests failed · no shipenforced
Audit log integrity provenverifyChain ok:trueproven
Confidential field withheld403 read deniedenforced
compliance-pack ▸ generated from the trust ledger · verifiable offline
Getting audit-ready

Three steps from SOC 2 on paper to provable.

  1. 01

    Map

    Pick SOC 2. Cortex lines each obligation up against the runtime gate that enforces it — no spreadsheet archaeology.

  2. 02

    Enforce

    Every agent run passes the same fail-closed gates. A denied control returns a real code (402 / 403 / 409) — never a silent pass.

  3. 03

    Prove

    Export a Compliance Pack: the mapping table plus the sealed ledger records that show each control fired, verifiable offline.

Aligned with — never certified-claimed

SOC 2 is an attestation issued by an independent CPA firm about a specific organization and period. Cortex is aligned with the Trust Services Criteria and supplies controls and tamper-evident evidence for the agent layer; the report is issued to your organization, not to Cortex.

The controls behind the mapping

The Cortex capabilities that satisfy this framework.

Each obligation above is enforced by a real capability in the runtime. Explore the ones that do the work for this framework.

Compliance framing

Built for the frameworks your auditors already cite.

The sealed ledger, signed receipts, and lineage graph map to the obligations across every regime you report against — aligned with, never claiming a certification you don't hold.

EU AI ActNIST AI RMFISO 42001SOC 2HIPAAFINRAIRS Circular 230

Turn SOC 2 from a burden into a button.

See how Cortex maps SOC 2 to enforced controls and exports auditor-grade evidence on demand.