SOC 2 View
SOC 2 is an assurance reporting framework based on trust services criteria.
In the Cybersecurity Ontology, SOC 2 primarily maps to Assurance, Safeguards, and Leadership.
Prototype mapping
| SOC 2 concept | Ontology mapping |
|---|---|
| Trust services criteria | Safeguards, Assurance |
| Control description | Safeguard |
| Control owner | Leadership |
| Evidence | Assurance |
| Review result | Assurance |
| Findings | Assurance, Leadership |
Interpretation
SOC 2 is an assurance view. The ontology adds the broader context of what assets, risks, and safeguards the evidence supports.