SOC 2 Type II — Evidence Dashboard
Automated evidence collection for your annual SOC 2 Type II audit.
Connect the soc2-evidence service to enable auditor exports.
Audit in progress
Period: Jan 1, 2026 – Dec 31, 2026
5
Evidenced
1
In Progress
0
Findings
Trust Service Criteria
CC1
EvidencedControl Environment
Integrity, ethical values, board oversight, org structure, and accountability.
5 controlsLast collected: May 15, 2026
CC2
EvidencedCommunication & Information
Internal and external communication, reporting obligations, AI disclosures.
3 controlsLast collected: May 15, 2026
CC6
EvidencedLogical Access Controls
WorkOS SSO/MFA, RBAC enforcement, access provisioning and removal, encryption.
6 controlsLast collected: May 19, 2026
CC7
In ProgressSystem Operations
Vulnerability detection, monitoring, security event evaluation, incident response.
4 controlsLast collected: May 10, 2026
CC8
EvidencedChange Management
All changes require PR approval and passing CI before merging to main.
1 controlLast collected: May 19, 2026
A1
EvidencedAvailability
99.9% uptime SLA, RDS multi-AZ, 7-day backups, RPO < 1h, RTO < 4h.
3 controlsLast collected: May 19, 2026
Findings
No findings
All evidenced controls are operating effectively. Run evidence collection to refresh.
| Control | Finding | Severity | Identified | Status |
|---|---|---|---|---|
| No findings for this audit period | ||||