
SOC 2

SOC 2 defines Trust Services Criteria (TSC) for security, availability, processing integrity, confidentiality, and privacy.

Trust Services Criteria

| Category | Description | GLACIS Support |
|---|---|---|
| Security | Protection of systems | Attestation integrity |
| Availability | System availability | Monitoring attestations |
| Processing Integrity | Complete, accurate processing | Request/response logging |
| Confidentiality | Protection of confidential data | Zero-egress design |
| Privacy | Collection and use of personal data | PII detection |

Mapping to ISO 42001

| SOC 2 | ISO 42001 | GLACIS Feature |
|---|---|---|
| CC1.1 | A.2.1 | Governance policy |
| CC3.1 | A.4.1 | System identification |
| CC3.2 | A.5.1 | Risk assessment |
| CC7.1 | A.6.2.6 | Monitoring (attestations) |
| CC7.2 | A.8.4 | Incident response |

Using GLACIS for SOC 2

  1. Map ISO 42001 controls to SOC 2 criteria
  2. Enable attestation monitoring
  3. Configure policy checks (PII, toxicity)
  4. Generate evidence for auditors
  5. Export OSCAL reports

Auditor Verification

Auditors can independently verify:

  • Attestation signatures
  • Merkle proofs
  • Sampling coverage
  • Policy enforcement
