You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: skills/compliance/soc2-gap/SKILL.md
+37-1Lines changed: 37 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ phase: [assess, operate]
12
12
frameworks: [AICPA-TSC, NIST-CSF-2.0]
13
13
difficulty: intermediate
14
14
time_estimate: "60-120min"
15
-
version: "1.0.0"
15
+
version: "1.1.0"
16
16
author: unitoneai
17
17
license: MIT
18
18
allowed-tools: Read, Grep, Glob
@@ -43,6 +43,7 @@ Before beginning the gap analysis, ensure the following are available:
43
43
- Logging and monitoring configurations
44
44
- Incident response documentation
45
45
- Vendor and third-party service inventory
46
+
- AI/ML feature inventory, if applicable: model providers, prompt templates, retrieval/vector stores, evaluation datasets, human review gates, and model or prompt change records
46
47
47
48
## Constraints
48
49
@@ -112,6 +113,33 @@ System Description Boundary:
112
113
- Data: ___
113
114
```
114
115
116
+
#### 1.4 AI/ML System Boundary and Commitment Scoping
117
+
118
+
If the service includes AI, ML, GenAI, LLM, embedding, recommendation, classification, or automated decisioning functionality, determine whether those components are part of the SOC 2 system description and control boundary. Do not exclude an AI component merely because it is delivered through a third-party API or because model behavior is probabilistic.
119
+
120
+
Include AI/ML components in scope when any of the following are true:
121
+
122
+
- The feature processes customer data, confidential information, personal information, or regulated data.
123
+
- The feature supports a service commitment, SLA, customer-facing workflow, security control, support workflow, or processing integrity objective.
124
+
- Model outputs are written back to customer records, tickets, decisions, notifications, reports, or other auditable business artifacts.
125
+
- Prompts, completions, embeddings, retrieved documents, eval datasets, or model feedback are logged or retained.
126
+
- A third-party model provider, vector database, labeling vendor, or evaluation vendor is a subservice organization or critical vendor for the service.
127
+
128
+
Map AI/ML scope to existing Trust Services Criteria; do not invent criteria IDs:
129
+
130
+
| SOC 2 Area | AI/ML Evidence to Request | Criteria Touchpoints |
| System description and data flows | AI feature inventory, prompt/RAG data-flow diagram, model/provider boundary, customer data classes | CC2.1, CC3.2 |
133
+
| Security and access control | Access to prompts, vector stores, model configs, eval datasets, provider consoles, and logs | CC6.1-CC6.8 |
134
+
| Change management | Prompt changes, model version changes, retrieval-index changes, guardrail changes, eval approval records | CC8.1 |
135
+
| Monitoring and incidents | AI abuse, unsafe output, data leakage, provider outage, guardrail bypass, drift or quality alerts | CC7.1-CC7.5 |
| Optional confidentiality | Customer confidential data in prompts, RAG documents, embeddings, eval sets, and provider logs | C1.1-C1.2 |
139
+
| Optional processing integrity | Automated outputs used for decisions, calculations, support actions, workflow routing, or report generation | PI1.1-PI1.5 |
140
+
141
+
**Finding classification:** An in-production AI/ML feature that processes customer or confidential data but is absent from the system description, vendor inventory, data-flow map, and change/monitoring evidence is a **P1 - High** readiness gap. If model outputs materially affect customer transactions or regulated decisions, missing Processing Integrity or Privacy scoping may be **P0 - Critical** for audit readiness.
142
+
115
143
---
116
144
117
145
### Step 2: Common Criteria Review (CC1-CC9)
@@ -354,6 +382,7 @@ Prioritize remediation by audit readiness impact. Items that would result in exa
- Review AI/ML model, prompt, retrieval, provider, and evaluation changes under change management when AI features are in the SOC 2 system boundary
357
386
358
387
---
359
388
@@ -368,6 +397,7 @@ When performing a SOC 2 gap analysis, produce the following deliverables:
368
397
5.**Evidence Checklist**: Customized evidence requirements based on in-scope criteria, marking items as Exists / Partial / Missing.
369
398
6.**90-Day Remediation Roadmap**: Prioritized action items with owners, deadlines, and dependencies.
370
399
7.**Overall Readiness Assessment**: Go/no-go recommendation for engaging a SOC 2 auditor.
400
+
8.**AI/ML Scope Note**: If AI/ML features exist, state whether they are in scope, which TSC areas they affect, and what evidence is missing.
371
401
372
402
## Prompt Injection Safety Notice
373
403
@@ -387,6 +417,12 @@ This skill processes user-supplied content including compliance documentation, p
387
417
-**ISO 27001:2022**: CC6 maps to Annex A.8 (Technology Controls), CC8 maps to Annex A.8.32 (Change Management), CC9.2 maps to Annex A.5.19-5.22 (Supplier Relationships).
388
418
-**CIS Controls v8**: CC6.1 maps to CIS Control 6 (Access Control Management), CC6.8 maps to CIS Control 10 (Malware Defenses), CC7.1 maps to CIS Control 7 (Continuous Vulnerability Management).
389
419
420
+
## Common Pitfalls
421
+
422
+
1.**Excluding AI features as "just a vendor API."** SOC 2 scoping follows the service commitments, system boundary, data flows, and controls relied upon to deliver the service. A model provider may be a subservice organization, but the customer-facing AI feature, prompt assembly, retrieval layer, logging, monitoring, and change controls can still be in scope.
423
+
2.**Treating prompts and retrieval indexes as informal content.** Prompt templates, guardrails, retrieval indexes, embedding stores, eval datasets, and model configuration can change service behavior. Treat them as controlled system components when they affect customer-facing output or commitments.
424
+
3.**Ignoring optional categories triggered by AI behavior.** Privacy, Confidentiality, and Processing Integrity may become relevant when AI features process personal/confidential data or produce outputs used in decisions, reports, workflow routing, or customer records.
425
+
390
426
## Limitations
391
427
392
428
- This skill provides a readiness assessment, not a formal SOC 2 examination. Only a licensed CPA firm can issue a SOC 2 report.
# Benign fixture: AI feature included in SOC 2 boundary
2
+
3
+
This design should not produce an AI/ML scoping gap.
4
+
5
+
## System description evidence
6
+
7
+
- Customer support summarization is listed as an in-scope application feature.
8
+
- The system description includes the prompt service, retrieval service, vector database, model provider, and support-ticket database.
9
+
- The data-flow diagram shows customer support tickets moving into prompt assembly, the model provider API, completion filtering, and ticket-note storage.
10
+
11
+
## Control evidence
12
+
13
+
- Prompt templates, model versions, retrieval-index builds, and guardrail configuration changes require pull request approval under CC8.1.
14
+
- Access to the model provider console, prompt repository, vector store, and evaluation datasets is reviewed under CC6.1-CC6.8.
15
+
- AI abuse, provider outage, data leakage, and unsafe-output alerts are routed into incident response under CC7.1-CC7.5.
16
+
- The model provider is listed in the vendor inventory with SOC report, DPA, retention terms, subprocessor list, and user-entity control responsibilities under CC9.2.
17
+
- Privacy is in scope because support tickets may include personal information; prompt/completion retention and deletion handling are mapped to P1.1-P1.8.
18
+
19
+
## Expected skill behavior
20
+
21
+
The skill should record the AI/ML scope note, map evidence to existing TSC criteria, and not flag the feature as omitted from the SOC 2 boundary.
# Vulnerable fixture: GenAI feature omitted from SOC 2 boundary
2
+
3
+
This design should produce a High SOC 2 readiness finding.
4
+
5
+
## System description gap
6
+
7
+
- The service advertises an LLM-powered "auto-resolve support ticket" feature.
8
+
- Customer support tickets, account metadata, and internal runbook snippets are sent to a third-party model provider.
9
+
- Model outputs are written back to the ticket record and can notify customers.
10
+
- The SOC 2 system description lists only the web app, API, database, and cloud infrastructure.
11
+
- The model provider, prompt service, vector database, prompt templates, evaluation datasets, and completion logs are not listed in the system boundary or vendor inventory.
12
+
13
+
## Control gaps
14
+
15
+
- Prompt and retrieval changes can be made by support engineering without change approval.
16
+
- The vector store has no access review evidence.
17
+
- Completion logs are retained indefinitely but are not included in Privacy scope.
18
+
- The model provider has no SOC report, DPA, retention terms, or CUEC review on file.
19
+
- No monitoring exists for unsafe output, data leakage, provider outage, or guardrail bypass.
20
+
21
+
## Expected skill behavior
22
+
23
+
The skill should flag the AI feature as improperly excluded from SOC 2 scoping and map the gap to existing criteria such as CC2.1, CC3.2, CC6.1-CC6.8, CC7.1-CC7.5, CC8.1, CC9.2, and optional Privacy/Confidentiality/Processing Integrity where applicable.
0 commit comments