SOC 2 Trust Services Criteria

Native mapping to CC1.4 (commitment to competence) and CC2.2 (internal communications) with continuous-evidence support for Type II audits.

SOC 2 attestation is increasingly the de-facto baseline for B2B SaaS procurement. Customers who achieve SOC 2 Type II find that the audit process is more rigorous than the Type I and the evidence requirements significantly more demanding.

GetCheckmark's SOC 2 reporting maps natively to the Trust Services Criteria most relevant to security awareness: CC1.4 (commitment to competence) and CC2.2 (internal communications). The evidence pack is structured to map to the standard auditor work-paper format, reducing the friction of the audit-evidence walkthrough.

Type II audits require continuous evidence — controls operating effectively over the audit period, not just at a point in time. Our continuous-evidence mode produces a structured evidence trail across the audit window, with monthly checkpoints aligned to the auditor's sampling methodology.

We work with most major Big-Four-tier and specialist SOC 2 auditors; auditor-specific evidence templates are configurable per tenant.

How we help

• Native mapping to CC1.4 and CC2.2
• Continuous-evidence mode for Type II audits
• Auditor-specific evidence template configuration
• Pre-audit readiness assessment as an optional professional-services engagement

Talk to us

To discuss your soc 2 trust services criteria security programme, contact team@getcheckmark.com.