SOC 2 Compliance Guide
How SOCWarden maps to the SOC 2 Trust Service Criteria and NIST CSF 2.0 framework.
What is SOC 2?
SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates how organizations manage customer data against five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. Unlike SOC 1, which focuses on controls relevant to financial reporting, SOC 2 is specifically designed for technology and SaaS companies that store, process, or transmit customer information.
A SOC 2 audit results in either a Type I report (point-in-time assessment of control design) or a Type II report (assessment of control effectiveness over a period, typically 6-12 months). Most enterprise buyers require SOC 2 Type II as a prerequisite for vendor selection. SOCWarden provides the continuous monitoring, audit trail, and detection capabilities that map directly to the Trust Service Criteria — helping your organization demonstrate compliance to auditors.
SOC 2 Trust Service Criteria Mapping
The table below maps each relevant SOC 2 Common Criteria series and supplemental criteria series to the specific SOCWarden features that address them.
| Criteria | SOCWarden Feature |
|---|---|
| CC6: Logical and Physical Access Controls | API key management, RBAC (Owner/Admin/Member/Viewer), 2FA enforcement |
| CC7: System Operations | Real-time event monitoring, 25 alert types, automated detection pipeline |
| CC8: Change Management | Audit logs, event types tracking, server agent monitoring |
| A1: Availability | Uptime monitoring, application metrics, queue depth alerts |
| PI1: Processing Integrity | Event validation (regex), idempotency, rate limiting, payload size limits |
NIST CSF 2.0 Mapping
The NIST Cybersecurity Framework 2.0 organizes security activities into six core functions. SOCWarden provides coverage across all six.
| Function | SOCWarden Coverage |
|---|---|
| Identify (ID) | Asset inventory via server fleet, event type discovery, API key scoping |
| Protect (PR) | IP blocklist/watchlist, authorized origins, rate limiting, CORS |
| Detect (DE) | 18 enricher detections, 8 request anomaly patterns, ML behavioral |
| Respond (RS) | Alert queue, incident management, Block IP/Suspend Actor actions |
| Recover (RC) | Data retention, R2 archival, monthly security digest |
| Govern (GV) | RBAC, audit logs, compliance dashboard, team management |
Getting Started
To enable compliance features, you need a Business plan. Follow these steps to configure your compliance dashboard.
1. Upgrade to the Business plan. Navigate to Settings > Billing and upgrade to the Business plan. This unlocks the compliance dashboard, SIEM forwarding, and extended data retention.
2. Enable audit logging. Go to Settings > Compliance and toggle on audit log retention. All team member actions (API key creation, role changes, alert acknowledgements) are recorded with timestamps and actor context.
3. Configure SIEM forwarding. Set up the Splunk HEC or Datadog integration in Settings > Integrations > Data Export. This provides an immutable external copy of all security events for your auditors.
4. Set up notification channels. Configure PagerDuty or MS Teams notifications (Business plan) so that your security team is alerted in real time to high-severity events.
5. Review the compliance dashboard. Open the Compliance tab in your dashboard to view your SOC 2 and NIST CSF coverage status, open gaps, and recommended actions.