SOC 2 evidence

SOC 2 Type II audits ask for evidence that controls actually operated over a period. Building that evidence by hand is full-time work. The Suite ships an evidence-collection module that runs nine controls on declarative cadences and produces a dated JSON record for each — auditor-ready, no manual screenshots.

SOC 2 controls
Control register.
At a glance — Nine pre-seeded controls covering Common Criteria + Availability + Confidentiality. Hourly cron walks each control on its cadence (daily/weekly/monthly/quarterly). Each run produces a deterministic JSON evidence record. Auditor exports a 90-day pack as a single JSON.

Pages in this section

Why this matters

SOC 2 evidence
Automated evidence collection.

A SOC 2 Type II audit costs USD 30-70k and takes 12 months. The auditor spends most of those months asking for evidence that the controls existed and worked. If you can answer every ask with a one-click JSON export, the audit completes faster and cheaper. If you can't, you pay the auditor to chase you.

This module costs nothing (it's part of the base Suite). Comparable SaaS tools (Vanta, Drata, Tugboat Logic) charge USD 7-25k per year per seat.

See also

Was this page helpful?