AI Controls within SOC 2

American Institute of Certified Public Accountants (AICPA) · SOC 2 Trust Services Criteria · Attestation framework for service organizations.

What it covers

SOC 2 is an attestation framework that evaluates a service organization's controls against five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Type 1 reports describe controls at a point in time. Type 2 reports test operating effectiveness over a period (typically 6 to 12 months).

Most SOC 2 programs were designed before AI systems became common in regulated workflows. As AI moves into customer-facing decisions and data processing pipelines, the existing Common Criteria still apply, but the implementations need to evolve to cover model access, prompt management, training data governance, and model output reconciliation.

Who it applies to

SOC 2 is voluntary but treated as table-stakes for B2B SaaS, fintech, and any service organization selling into mid-market or enterprise procurement. A current SOC 2 Type 2 report is typically required to close enterprise deals. Most procurement teams now ask specifically how AI systems are covered under the existing SOC 2 scope.

The AI-relevant control objectives

• CC6 (Logical and Physical Access Controls) for training data, model artifacts, and prompt repositories
• CC7 (System Operations) for AI system monitoring, alerting, and incident detection
• CC8 (Change Management) for prompt versions, model versions, fine-tuning datasets, and configuration changes
• CC9 (Risk Mitigation) for AI-specific risks including hallucination, prompt injection, and model drift
• Confidentiality criteria for sensitive data flowing through AI systems
• Processing Integrity criteria for AI outputs supporting business decisions

How sitkastack maps to it

• Access control patterns on model inputs → docs/phase-1/02-input-contract.md
• Change management for AI inputs → docs/phase-1/EXTENDING.md
• Risk classification for AI systems → docs/phase-0/01-risk-classification.md
• Privacy and confidentiality controls → docs/phase-1/04-privacy-and-data-handling.md
• Processing integrity through structured outputs → docs/phase-1/03-output-contract.md
• Out-of-scope documentation supporting boundary controls → docs/phase-0/02-out-of-scope.md

What sitkastack delivers under this framework

For SOC 2 programs adding AI scope, sitkastack engagements produce AI-specific control documentation that extends your existing Trust Services Criteria coverage. Deliverables integrate with AuditBoard, ServiceNow GRC, or your equivalent GRC platform. Typical engagements: AI Policy & Risk Pack (AI controls extension for your SOC 2 program), SOC 2 Readiness Sprint (readiness review ahead of your next SOC 2 cycle), or 90-Day AI Build (production AI workflow with SOC 2-ready controls built in).

ISO 27001 note

SOC 2's international parallel is ISO/IEC 27001. Many regulated buyers maintain both. AI-specific controls developed for SOC 2 scope generally extend to ISO 27001 ISMS scope with mapping adjustments. sitkastack engagements supporting ISO 27001-mature organizations adapt the same control patterns to the ISMS documentation conventions.

Honest limitations

sitkastack produces AI-specific control documentation and artifacts that integrate with your existing SOC 2 program. I do not act as a SOC 2 auditor, do not replace your CPA firm, and do not certify SOC 2 effectiveness. Your audit firm and management remain accountable for the SOC 2 attestation.

Talk to me

Questions about how this maps to your environment? Email me.