SOC 2 compliance, built for service organisations.
SOC 2 Type II readiness powered by the same autonomous risk intelligence engine that drives ONTRACE.AI's ISO 27001 support. Continuous evidence collection, automated control monitoring, and audit-ready reporting.
Framework Overview
What is SOC 2?
SOC 2 (System and Organisation Controls 2) is a voluntary compliance framework developed by the AICPA (American Institute of Certified Public Accountants). It's designed for service organisations that store, process, or transmit customer data in the cloud.
Unlike ISO 27001, which prescribes specific controls, SOC 2 is principle-based — auditors assess whether your controls effectively achieve the Trust Services Criteria, giving organisations flexibility in how they demonstrate compliance.
SOC 2 Type I assesses whether controls are suitably designed at a point in time. SOC 2 Type II assesses whether those controls operated effectively over a period (typically 6–12 months) — the standard most enterprise buyers require.
Trust Services Criteria
Security
Common criteria covering access control, change management, risk mitigation, and monitoring. Required for all SOC 2 reports.
Availability
Performance monitoring, disaster recovery, and incident response. Systems perform as committed to users.
Processing Integrity
System processing is complete, accurate, timely, and authorised. Relevant for transactional systems.
Confidentiality
Information designated as confidential is protected as committed. Critical for B2B SaaS handling customer data.
Privacy
Personal information is collected, used, retained, disclosed, and disposed of in conformity with commitments.
ONTRACE.AI SOC 2 Support
Audit-ready from day one of your observation period.
When SOC 2 support launches in Q2 2026, ONTRACE.AI will bring the same autonomous evidence collection and continuous monitoring capabilities that power our ISO 27001 module.
Evidence Automation
Continuous collection and mapping of audit evidence to SOC 2 Trust Services Criteria — no manual gathering before audits.
Continuous Monitoring
Automated checks against your SOC 2 controls running 24/7, surfacing gaps before auditors do.
Change Management Tracking
Log and review changes to systems in scope, satisfying the Common Criteria change management requirements.
Access Review Workflows
Periodic access reviews and user provisioning/deprovisioning workflows mapped to CC6 logical access controls.