Sector Framework

SOC 2

Service Organization Controls 2

The AICPA audit framework for technology service providers. Evaluates controls across Security, Availability, Processing Integrity, Confidentiality and Privacy.

Manage SOC 2 with ermine Talk to an expert

SOC 2 (System and Organization Controls 2) is an audit framework developed by the AICPA for technology and SaaS service providers. While voluntary, it is a standard contractual requirement in the US enterprise market and increasingly in Europe.

Trust Service Criteria (TSC)

  • Security (required): controls against unauthorized access
  • Availability: system available for operation and use
  • Processing Integrity: processing is complete, valid and timely
  • Confidentiality: information designated as confidential is protected
  • Privacy: personal information collected, used and retained per commitments

Report types

  • Type I: design of controls at a point in time
  • Type II: operating effectiveness over a period (typically 6–12 months)

ermine and SOC 2

ermine maps SOC 2 controls against your infrastructure, manages continuous evidence collection for the audit period and generates reporting for external auditors.

What does SOC 2 cover in ermine?

Pre-configured templates and workflows for each area of the standard.

Pre-configured template

Controls, risks and evidence ready to adapt to your organization.

Cross-framework mapping

Reuse controls between SOC 2 and other regulations you already comply with. One evidence, multiple frameworks.

Automatic evidence

Collection from your current integrations: Drive, Excel, ERP, CRM, email.

Roles & responsibilities

Assign owners, recorders and auditors per control or procedure.

Reports & declarations

Generate SoA, audit reports and dashboards for your board.

External audit access

Grant granular access to external auditors without exposing sensitive data.

How ermine helps with SOC 2

Up and running in 2 weeks

SOC 2 template imported in your tenant from day one.

Automatic mapping

Reuse controls between SOC 2 and other regulations. One evidence, multiple frameworks.

Evidence & audit

Generate reports and statements of applicability automatically. Your team decides, doesn't chase PDFs.

SOC 2

Ready to implement SOC 2?

Free 30-minute demo. We show you how ermine would fit your organisation.

  • Template ready in your tenant from day 1
  • Cross-mapping with regulations you already comply with
  • Demo tailored to your sector and company size

Request your demo

No commitment. We reply within 24 h.

By submitting, you accept our privacy policy.

Keep exploring

IS

ISO 27001

The international standard for Information Security Management Systems. It defin...

IS

ISO 31000

The international framework for risk management in any type of organization. Pri...

IS

ISO 9001

The world's most widely adopted quality management standard. It defines requirem...