Framework program
SOC 2 Trust Services Criteria evidence template.
This is a reusable framework module. It defines source authority, native identifier patterns, collector fit, expected evidence, manual evidence gates, and deployment posture before any client project is created.
next seed2017 TSC with revised points of focus - 2022SOC 2
Template status
planned
AICPA Assurance Services Executive Committee
Seed rows
18
Source-native requirement rows
Native examples
3
Stored without normalization loss
Collectors
3
document, configuration, manual-upload
Deployment fits
3
SaaS, private, appliance, runner
Native source contract
Keep the framework’s identifiers intact
CC6.1
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
CC7.2
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
A1.2
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
Automated evidence
Collector lanes to build
cloud configuration tests
IdP/MFA and access review exports
ticket/change samples
repository branch protection evidence
monitoring/incident workflow evidence
Manual or human-gated evidence
Do not fabricate these artifacts
system description
management assertions
policy approvals
population/sample support
auditor PBC responses