SOC 2 Type II · AI controls evidence

Your SOC 2 covers the platform.
Who covers the AI features?

Vanta and Drata automate evidence collection for the classic Common Criteria — access, change management, monitoring. Then your auditor (or your customer's CISO) asks how you control the LLM features you shipped this year. That section doesn't auto-collect. We give you the evidence pack that plugs into your existing SOC 2 program.

The Common Criteria your auditor maps AI risk to

SOC 2 doesn't have an "AI section" yet. What auditors actually do is map AI-related risks onto existing Trust Services Criteria — usually CC3 (risk assessment), CC6 (logical access and data), CC7 (monitoring and incident response). Below are the questions clients tell us keep coming back from their auditor's PBC list.

CC3.2 · Risk identification

AI-specific risk register

The entity identifies risks that could affect achievement of objectives — including risks introduced by third-party model providers, prompt injection, hallucination affecting users, and PII leakage to LLM APIs.

"Show us your AI risk register and the controls you put in place for each row."

CC6.1 · Logical access

Who can call the model — and with what data

Logical access controls restrict access to information assets. For LLM endpoints this means: which services hold the API key, what data classes can be sent in a prompt, and how that's enforced in code, not just in policy.

"Show the technical control that prevents customer PII from being sent to OpenAI in a prompt."

CC7.2 · System monitoring

Logged, retrievable AI interactions

The entity monitors system components and the operation of those components for anomalies indicative of malicious acts, natural disasters, and errors. Auditors want to see actual log records — model, prompt hash or redacted prompt, latency, output classification, user identifier.

"Pull a 30-day sample of LLM calls. Show the fields. Demonstrate retention."
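As an added illustration of the CC6.1 and CC7.2 controls above (example code written for this page, not the AuditAI SDK or any provider's API): a wrapper that applies a PII policy in code before a prompt reaches the model, and writes one log record per call with the fields an auditor asks for (model, prompt hash, redacted prompt, latency, output classification, user identifier). The detectors, the `call_model` adapter shape and `fake_provider` are assumptions.

```python
import hashlib
import re
import time

# Constructed, hypothetical PII detectors: an e-mail address and a 16-digit card-like number.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "card": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
}

def redact(text):
    """Replace each detected PII kind with a typed placeholder; return (text, kinds found)."""
    kinds = []
    for kind, pattern in PII_PATTERNS.items():
        if pattern.search(text):
            kinds.append(kind)
            text = pattern.sub(f"[{kind.upper()}-REDACTED]", text)
    return text, kinds

class PIIBlocked(Exception):
    """Raised when a service whose policy is 'block' tries to send PII to the provider."""

def guarded_call(call_model, model, user_id, prompt, policy="redact", log=None):
    """CC6.1: apply the PII policy in code before the provider ever sees the prompt.
    CC7.2: append one structured record per call to `log` (a list standing in for a log sink).
    `call_model(model, prompt) -> str` is the provider adapter; its shape is an assumption."""
    log = [] if log is None else log
    cleaned, kinds = redact(prompt)
    record = {
        "ts": time.time(), "user_id": user_id, "model": model, "pii_kinds": kinds,
        "prompt_sha256": hashlib.sha256(cleaned.encode()).hexdigest(),
        "redacted_prompt": cleaned,  # never the raw prompt: the log must not become a PII store
    }
    if kinds and policy == "block":
        record.update(decision="blocked", latency_ms=None, output_class=None)
        log.append(record)
        raise PIIBlocked(f"prompt contained {kinds}; policy is block")
    t0 = time.monotonic()
    output = call_model(model, cleaned)
    _, out_kinds = redact(output)  # classify the output with the same detectors
    record.update(decision="sent", latency_ms=round((time.monotonic() - t0) * 1000, 2),
                  output_class="contains_pii" if out_kinds else "clean")
    log.append(record)
    return output

def fake_provider(model, prompt):
    """Stand-in for a real provider adapter so the example runs offline (not a real API)."""
    return f"{model} saw: {prompt}"
```

Each record in `log` is what a "30-day sample" pull would return; retention is then a property of wherever the list is persisted.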

CC7.3 · Incident response

Process for an AI-driven incident

Examples your auditor will probe: a hallucinated output reaches a user; a prompt injection exfiltrates data; the model provider has a 4-hour outage. Each needs a documented detection path, a runbook, and an evidence trail of the last test or tabletop.

"Show the runbook for an AI-output-related customer incident, plus evidence it was reviewed in the last 12 months."

CC9.2 · Vendor management

Subprocessor evidence for the model

Anthropic, OpenAI, Mistral and Azure OpenAI are subprocessors. Auditors want their SOC 2 / ISO reports on file, mapping of the data you send each one, and the relevant DPA executed.

"Provide the SOC 2 report and DPA for each model provider in your stack."

Where this fits in your existing SOC 2 program

You probably already have a GRC platform doing the heavy lifting. We don't replace it — we hand it the AI-shaped evidence it doesn't know how to collect on its own.

Stays in place

Vanta · Drata · Secureframe

  • Cloud config monitoring (AWS / GCP / Azure)
  • HR onboarding & offboarding evidence
  • Endpoint, IdP, MFA evidence
  • Vendor list & SOC 2 report storage
  • Auditor PBC workflow

What we add

AuditAI evidence pack

  • AI risk register mapped to CC3 / CC6 / CC7
  • SDK-level call logs with retention proof
  • AI incident response runbook
  • Prompt-injection & PII-leakage test plan
  • Model subprocessor matrix

Two paths to audit-ready

Both paths produce the same end artifact: an evidence pack you upload to Vanta/Drata as a "control narrative + evidence" bundle, ready for your auditor to walk. The difference is who writes the narrative.

Self-serve · Instant

Templates pack

€97 one-time · delivered to your inbox
  • AI risk register template (Excel + Markdown)
  • Control narratives for CC3.2 / CC6.1 / CC7.2 / CC7.3 / CC9.2
  • Incident response runbook (AI variant)
  • Subprocessor matrix template
  • Sample auditor walkthrough script

Buy the templates first, decide you want it done for you? We credit the €97 against the managed pack. One email: marc@auditaisdk.com.

Where this sits in the market

The honest version. Big GRC platforms cover a much wider scope; AI-specific consultancies cover deeper engagements. We're the narrow, fast option for the AI section specifically.

Capability                               | AuditAI              | GRC platform alone | AI-risk consultancy
Cost                                     | €97 – €199           | €8k – €30k / yr    | €20k – €100k
Time to evidence                         | Same week            | Months             | 8 – 12 weeks
AI risk register                         | Pre-mapped to TSC    | Generic template   | Custom
SDK-level call logs                      | Built in             | Not collected      | Recommended only
Replaces SOC 2 audit                     | No, plugs into yours | No, just evidence  | No, advisory
Updates as ISO 42001 / EU AI Act mature  | Versioned releases   | Slow               | Fixed engagement

What auditors and CISOs actually ask us

Will my SOC 2 auditor accept this?

The pack contains evidence and narratives, not an audit opinion. Your auditor still walks the controls — we map the artifacts they want to see (logs, runbook, risk register) onto the Common Criteria they're already testing. We've designed the structure around what the AICPA's 2024 SOC for AI guidance and ISO 42001 emphasize. If your auditor wants a specific format, you can edit the source files we ship.

We already use Vanta. Does this conflict?

No. Vanta and similar platforms collect operational evidence (cloud config, HR, endpoint). They don't collect prompt-level logs or write your AI risk register for you. The pack lives inside your Vanta workspace as control narratives uploaded against the relevant TSC controls.

Do you do the SOC 2 audit itself?

No — we are not a CPA firm and would never claim to issue a SOC 2 report. We give you the AI-specific evidence and narratives so your existing auditor (Prescient, Insight, A-LIGN, Sensiba, etc.) has something concrete to test for the AI section.

My customer asked about both SOC 2 and EU AI Act. One pack?

Yes — we maintain a crosswalk between the EU AI Act articles (Annex IV, Article 14, Article 26) and SOC 2 Common Criteria. The same call logs, risk register and incident runbook satisfy both, just labeled and bundled differently. Tell us in the 30-min interview and the managed pack ships in both shapes.

What if I haven't started SOC 2 yet?

Then this is early. Get your GRC platform stood up first (Vanta, Drata, Secureframe — pick one), close out the basics, and come back when your auditor's PBC list lands on your AI features. We can hold the templates pack delivery if you ask.

We use OpenAI / Anthropic / Bedrock — do you cover Bedrock?

Yes. The SDK (pip install auditai-sdk) wraps Anthropic, OpenAI, Bedrock, Vertex and Ollama. The control narratives reference whichever you actually use, named explicitly. If you need Azure OpenAI added, mention it in the interview — that adapter shipped in v0.4.

Does this also satisfy ISO 42001?

A meaningful portion. ISO 42001 (the AI management system standard) overlaps heavily on risk register, incident response and supplier management. We mark in the templates which clauses of 42001 each artifact maps to. We do not certify ISO 42001 — that is a registrar's job — we give you evidence a registrar would accept.

Who's behind this?

Marc Dubois — built AuditAI after watching B2B SaaS deals get stuck in procurement over the AI section of SOC 2 and the EU AI Act. The SDK is open-source on GitHub; the evidence pack is the productized version of what we ship paying clients. Contact: marc@auditaisdk.com.