Skip to main content
SOC 2: All controls

Templated controls pre-mapped to SOC 2 criteria spanning all 5 TSCs

Updated over 10 months ago

HERE'S WHY


In preparation for your SOC 2 audit, you will put controls in place that map back to the SOC 2 criteria in order to demonstrate your company's security posture. This page allows you to link evidence directly to those controls in order to demonstrate accordance with the framework.

BEFORE DIVING IN

Only account administrators or information security leads have access to this section within Drata.

HERE'S HOW/ LEARN MORE

On the SOC 2 framework page, you will note on the left column the ability to navigate to a specific Trust Service Criterion (TSC). If you select a particular TSC, you will see all of the controls mapped to that specific TSC.

You should consult with your auditor to determine the TSC to include in your audit. Security is the only required TSC, however many opt to include additional TSC based on the needs and structure of their company.

If you opt not to include certain controls, you can mark them 'Out of Scope'. Follow this guide to learn how.

On this page, you also have the ability to filter to those controls that have evidence continuously monitored within Drata via our Autopilot technology. View this guide for more information on continuous automated monitoring within Drata.

Finally, you can filter to those controls that have evidence mapped to them and those that don't yet have evidence connected.

Did this answer your question?