Compliance coverage (16 rows)

SOC 2 Trust Services Criteria

SOC 2 is the most common assurance framework for SaaS. These rows focus on criteria where agent-governance records materially support an audit.

Citations use the Trust Services Criteria format from the canonical matrix.

Covered: 9
Partial: 6
Not covered: 1

Columns: Requirement, AF, Evidence type, Status, Notes
CC1.4 (Partial)
Requirement: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
AF: AF-2, AF-7.5
Evidence: agent_owners.verification_status='verified' (proves the human owner was actively confirmed)
Notes: Human-side competence is tenant HR. Agent-side qualification (validated model + skills + prompts) is tracked in AF-7.5.

CC1.5 (Partial)
Requirement: The entity holds individuals accountable for their internal control responsibilities in pursuit of objectives.
AF: AF-2, AF-7.6
Evidence: agent_owners row with role='primary' is the named-accountable record per agent
Notes: Primary-owner accountability is in AF-2. Executive-sponsor accountability for high-risk agents is AF-7.6.

CC2.1 (Covered)
Requirement: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.
AF: AF-1
Evidence: agent_action_events ledger — append-only, slug-FK to canonical vocabulary, decision-bearing per ADR-044
Notes: The ledger is the system of record for what agents actually did. Quality is enforced by FK integrity (vocabulary, agent identity) and a trigger-enforced append-only constraint.

CC3.4 (Covered)
Requirement: The entity identifies and assesses changes that could significantly impact the system of internal control.
AF: AF-3
Evidence: agent_charters.supersedesCharterId (version chain); agent_charters.reviewDueAt (next required review)
Notes: Every charter change creates a new row that points back to its predecessor. The hash + version chain is the change-impact record.

CC4.1 (Covered)
Requirement: The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
AF: AF-1, AF-2
Evidence: Ledger queryability (per-agent, per-decision, per-time); agent_owners.verification_status row count by status (audit-visible signal)
Notes: Both ongoing (live ledger) and point-in-time (verification_status snapshot) evaluations are supported.

CC4.2 (Partial)
Requirement: The entity evaluates and communicates internal control deficiencies in a timely manner.
AF: AF-6 (detect), AF-7.7 (workflow)
Evidence: agent_action_events.decision='blocked' rows are the deficiency signal
Notes: Deficiency detection is automatic via AF-6. The deficiency communication and corrective-action workflow is AF-7.7.

CC5.2 (Covered)
Requirement: The entity also selects and develops general control activities over technology to support the achievement of objectives.
AF: AF-6, AF-1
Evidence: AF-6 preflight evaluator (control); agent_action_events.decision written back (record)
Notes: The preflight + ledger pair is the canonical AI-agent control activity.

CC7.1 (Covered)
Requirement: The entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.
AF: AF-1, AF-3
Evidence: agent_charters.supersedesCharterId chain (config-change record); agent_action_events (live monitoring)
Notes: The charter version chain detects intent changes; the ledger detects behavioral changes.

CC7.2 (Covered)
Requirement: The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed.
AF: AF-1, AF-6
Evidence: agent_action_events.decision='blocked' (refused action); decision='escalated' (suspicious action awaiting human review)
Notes: ADR-044 cites this requirement directly. The decision column is the anomaly signal; ledger queries are the analysis surface.
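The ledger controls cited in the CC2.1, CC4.1 and CC7.2 rows, as an added illustration rather than Dictiva's own schema or code: an append-only agent_action_events table whose action slugs and agent ids are foreign keys, with UPDATE and DELETE refused by database triggers, plus the evidence queries an auditor would run against it (owner rows by verification_status, blocked/escalated decisions, agents lacking a verified primary owner). Table and column names follow the matrix; the vocabulary table, trigger names, CHECK lists and sample rows are constructed assumptions, and SQLite stands in for the production database so the example runs offline.

```python
"""Ledger controls behind the CC2.1 / CC4.1 / CC7.2 rows.

Added illustration, not Dictiva's schema. Table and column names follow the
matrix (agent_action_events.decision, agent_owners.verification_status, role);
the vocabulary table, trigger names, CHECK lists and sample rows are
constructed. SQLite stands in for the production database so this runs offline.
"""
import sqlite3
from typing import Dict, List, Tuple

SCHEMA = """
-- Canonical action vocabulary; the ledger may only reference these slugs (slug-FK).
CREATE TABLE action_vocabulary (slug TEXT PRIMARY KEY);
CREATE TABLE agents (agent_id TEXT PRIMARY KEY);

-- One row per (agent, human owner); verification_status is the audit-visible signal.
CREATE TABLE agent_owners (
    agent_id            TEXT NOT NULL REFERENCES agents(agent_id),
    owner_id            TEXT NOT NULL,
    role                TEXT NOT NULL CHECK (role IN ('primary', 'secondary')),
    verification_status TEXT NOT NULL CHECK (verification_status IN ('verified', 'pending', 'lapsed')),
    PRIMARY KEY (agent_id, owner_id)
);

-- System of record for what agents did; decision is the anomaly signal (CC7.2).
CREATE TABLE agent_action_events (
    event_id    INTEGER PRIMARY KEY,
    agent_id    TEXT NOT NULL REFERENCES agents(agent_id),
    action_slug TEXT NOT NULL REFERENCES action_vocabulary(slug),
    decision    TEXT NOT NULL CHECK (decision IN ('allowed', 'blocked', 'escalated')),
    occurred_at TEXT NOT NULL
);

-- Append-only: UPDATE and DELETE are refused by the database itself, not by application code.
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON agent_action_events
BEGIN SELECT RAISE(ABORT, 'agent_action_events is append-only'); END;
CREATE TRIGGER ledger_no_delete BEFORE DELETE ON agent_action_events
BEGIN SELECT RAISE(ABORT, 'agent_action_events is append-only'); END;
"""

# Constructed sample data: two agents, three owner rows, four ledger events.
SAMPLE_DATA = """
INSERT INTO action_vocabulary VALUES ('read_ticket'), ('send_email'), ('delete_record');
INSERT INTO agents VALUES ('agent-support-01'), ('agent-billing-02');
INSERT INTO agent_owners VALUES
  ('agent-support-01', 'u-alice', 'primary',   'verified'),
  ('agent-billing-02', 'u-bob',   'primary',   'pending'),
  ('agent-billing-02', 'u-carol', 'secondary', 'verified');
INSERT INTO agent_action_events (agent_id, action_slug, decision, occurred_at) VALUES
  ('agent-support-01', 'read_ticket',   'allowed',   '2024-01-01T09:00:00Z'),
  ('agent-support-01', 'send_email',    'allowed',   '2024-01-01T09:01:00Z'),
  ('agent-billing-02', 'delete_record', 'blocked',   '2024-01-01T09:02:00Z'),
  ('agent-billing-02', 'send_email',    'escalated', '2024-01-01T09:03:00Z');
"""


def open_ledger() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # FK enforcement is off by default in SQLite
    conn.executescript(SCHEMA + SAMPLE_DATA)
    return conn


def is_rejected(conn: sqlite3.Connection, sql: str) -> bool:
    """True when the database refuses the statement; that is the expected outcome for tampering."""
    try:
        conn.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False


def owner_verification_summary(conn: sqlite3.Connection) -> Dict[str, int]:
    """CC4.1 point-in-time evaluation: agent_owners rows grouped by verification_status."""
    return dict(conn.execute(
        "SELECT verification_status, COUNT(*) FROM agent_owners GROUP BY verification_status"
    ).fetchall())


def anomaly_rows(conn: sqlite3.Connection) -> List[Tuple[str, str, str, str]]:
    """CC7.2 monitoring: refused or escalated actions, oldest first."""
    return conn.execute(
        "SELECT agent_id, action_slug, decision, occurred_at FROM agent_action_events "
        "WHERE decision IN ('blocked', 'escalated') ORDER BY occurred_at"
    ).fetchall()


def agents_without_verified_primary(conn: sqlite3.Connection) -> List[str]:
    """CC1.5 check: agents that have no verified primary owner on record."""
    return [row[0] for row in conn.execute(
        "SELECT a.agent_id FROM agents a WHERE NOT EXISTS ("
        "  SELECT 1 FROM agent_owners o WHERE o.agent_id = a.agent_id"
        "    AND o.role = 'primary' AND o.verification_status = 'verified')"
        " ORDER BY a.agent_id"
    )]


if __name__ == "__main__":
    db = open_ledger()
    print("rewrite refused:", is_rejected(db, "UPDATE agent_action_events SET decision = 'allowed'"))
    print("owners by status:", owner_verification_summary(db))
    print("anomalies:", anomaly_rows(db))
    print("no verified primary:", agents_without_verified_primary(db))
```

The point of putting the append-only rule in triggers rather than in the writing service is that the evidence holds even when an operator with database credentials tries to rewrite a 'blocked' row after the fact; the FK on action_slug likewise keeps free-text action names out of the record, which is what makes the per-decision and per-agent queries trustworthy.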

CC7.3 (Partial)
Requirement: The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures.
AF: AF-7.3
Notes: The AF-1 ledger captures the events. The security-event evaluation workflow (incident triage, link to specific ledger entries) is AF-7.3.

CC7.4 (Partial)
Requirement: The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents.
AF: AF-7.3, AF-7.7
Notes: The incident response program is AF-7.3 + AF-7.7. AF-1/AF-6 supply the inputs.

CC8.1 (Covered)
Requirement: The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.
AF: AF-3
Evidence: agent_charters.signedByOwnerId + signedByOwnerAt (authorization); supersedesCharterId chain (history); charterHash (integrity); status lifecycle (draft → signed → active → retired)
Notes: The charter lifecycle is the per-agent change-management process. Each transition is timestamped and authorized; the hash provides integrity.
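The charter version chain described in the CC3.4 and CC8.1 rows, as an added example that is not Dictiva's code: a verifier walks from the active charter back through supersedesCharterId, recomputes each charterHash, and checks versions, owner signatures and the retired status of superseded rows, while a change-impact helper reports what a new version altered in the declared prohibitions and approval requirements. Column names follow the matrix; the hashing rule (SHA-256 over canonical JSON of the governed fields plus the predecessor's hash) and the sample charters are assumptions.

```python
"""Charter version chain behind the CC3.4 / CC8.1 rows.

Added example, not Dictiva's code. Column names follow the matrix
(supersedesCharterId, charterHash, signedByOwnerId, signedByOwnerAt, status,
reviewDueAt); the hashing rule and the sample charters are assumptions.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

LIFECYCLE = ("draft", "signed", "active", "retired")  # status lifecycle from the CC8.1 row

# Assumption: these governed fields are what charterHash covers.
HASHED_FIELDS = ("charterId", "agentId", "version", "mayNotActions",
                 "approvalRequirements", "supersedesCharterId")


@dataclass
class Charter:
    charterId: str
    agentId: str
    version: int
    mayNotActions: List[str]
    approvalRequirements: List[str]
    status: str
    supersedesCharterId: Optional[str] = None
    signedByOwnerId: Optional[str] = None
    signedByOwnerAt: Optional[str] = None
    reviewDueAt: Optional[str] = None
    charterHash: str = ""


def compute_hash(c: Charter, predecessor_hash: str = "") -> str:
    """Assumed rule: SHA-256 over canonical JSON of the governed fields plus the
    predecessor's hash, so editing any earlier version breaks every later link."""
    payload = {k: getattr(c, k) for k in HASHED_FIELDS}
    payload["predecessorHash"] = predecessor_hash
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def verify_chain(charters: Dict[str, Charter], head_id: str) -> List[str]:
    """Walk from the current charter back to the root; return findings (empty means clean)."""
    findings: List[str] = []
    seen = set()
    cid: Optional[str] = head_id
    while cid is not None:
        c = charters.get(cid)
        if c is None:
            findings.append(f"{cid}: referenced by supersedesCharterId but missing")
            break
        if cid in seen:
            findings.append(f"{cid}: cycle in supersedesCharterId chain")
            break
        seen.add(cid)
        pred = charters.get(c.supersedesCharterId) if c.supersedesCharterId else None
        if c.charterHash != compute_hash(c, pred.charterHash if pred else ""):
            findings.append(f"{cid}: charterHash mismatch (content or link altered)")
        if pred is not None and c.version != pred.version + 1:
            findings.append(f"{cid}: version {c.version} does not follow {pred.version}")
        if c.status not in LIFECYCLE:
            findings.append(f"{cid}: unknown status {c.status!r}")
        if c.status in ("signed", "active") and not (c.signedByOwnerId and c.signedByOwnerAt):
            findings.append(f"{cid}: status {c.status} without owner signature (CC8.1 authorization)")
        if cid != head_id and c.status != "retired":
            findings.append(f"{cid}: superseded charter is still {c.status}")
        cid = c.supersedesCharterId
    return findings


def change_impact(old: Charter, new: Charter) -> Dict[str, List[str]]:
    """CC3.4: what a new version changed in the declared prohibitions and approval requirements."""
    return {
        "prohibitions_added": sorted(set(new.mayNotActions) - set(old.mayNotActions)),
        "prohibitions_removed": sorted(set(old.mayNotActions) - set(new.mayNotActions)),
        "approvals_added": sorted(set(new.approvalRequirements) - set(old.approvalRequirements)),
        "approvals_removed": sorted(set(old.approvalRequirements) - set(new.approvalRequirements)),
    }


def build_sample_chain() -> Dict[str, Charter]:
    """Constructed two-version chain for one agent; v1 was retired when v2 became active."""
    v1 = Charter("ch-001", "agent-billing-02", 1, ["delete_record"], ["send_email"], "retired",
                 signedByOwnerId="u-bob", signedByOwnerAt="2024-01-01T08:00:00Z")
    v1.charterHash = compute_hash(v1)
    v2 = Charter("ch-002", "agent-billing-02", 2, ["delete_record", "export_customer_data"], [],
                 "active", supersedesCharterId="ch-001", signedByOwnerId="u-bob",
                 signedByOwnerAt="2024-02-01T08:00:00Z", reviewDueAt="2024-08-01T00:00:00Z")
    v2.charterHash = compute_hash(v2, v1.charterHash)
    return {c.charterId: c for c in (v1, v2)}


if __name__ == "__main__":
    chain = build_sample_chain()
    print("findings:", verify_chain(chain, "ch-002"))
    print("impact:", change_impact(chain["ch-001"], chain["ch-002"]))
```

Chaining the predecessor's hash into each successor is what turns a per-row integrity hash into a change-history control: silently editing a retired version is caught at that row, and re-hashing the edited row to hide the edit is caught at the row that supersedes it.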

CC9.1 (Covered)
Requirement: The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.
AF: AF-3, AF-4, AF-6
Evidence: Charter mayNotActions + approvalRequirements; statement bindings (AF-4) controlling acceptable behaviors; AF-6 enforcement
Notes: The three together — declared prohibitions, bound governance statements, runtime enforcement — are the mitigation stack.

A1.2 (Partial)
Requirement: (Availability) The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives.
AF: AF-7.1 (controlled-disable dimension only)
Notes: The kill-switch (AF-7.1) is the controlled-disable side of availability. System-level availability (uptime, ledger-write SLA, recovery infrastructure) is tenant-wide infrastructure, addressed elsewhere in the Dictiva observability stack. Not tracked in AF-7.

PI1.4 (Covered)
Requirement: (Processing Integrity) The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with specifications to meet the entity's objectives.
AF: AF-6
Evidence: AF-6 preflight enforcement; agent_action_events rows with decision='allowed' represent integrity-checked outputs
Notes: AF-6 is the integrity gate for agent-produced output. Charter mayNotActions declares what is out of spec; preflight enforces it.

C-series and P-series (Not covered: out of AF scope)
Requirement: (Confidentiality and Privacy) Encryption at rest/in transit, retention limits, DSAR processes, data classification, third-party data sharing controls.
AF: None (tenant-wide)
Notes: These categories are tenant-wide infrastructure controls — not addressable at the AF layer. The agent_charters.dataAccess[] field exposes which data classes an agent reaches into, so a customer's tenant-wide data-classification regime can pin the agent's exposure, but the controls themselves live elsewhere in the platform. Not tracked in AF-7.

Framework details

Public gap references

Gap badges on each row link to the public AF-7 parent epic rather than exposing internal sub-issue numbers.
