SOC 2 Integrations & Evidence Collection

Evidence Collected:

• IAM policy documents and user access reviews
• S3 bucket policies and encryption status
• VPC security group rules and network ACLs
• CloudTrail audit logs and CloudWatch alerts
• AWS Config compliance snapshots

Evidence Collected:

• Azure AD user and group configurations
• RBAC role assignments and access reviews
• Network security group rules
• Azure Security Center recommendations
• Activity logs and diagnostic settings

Evidence Collected:

• Cloud IAM policies and service account keys
• VPC firewall rules and organization policies
• Cloud Storage bucket IAM and encryption
• Cloud Audit Logs and Security Command Center
• Asset inventory and configuration snapshots

Evidence Collected:

• Admin console audit logs
• User 2-step verification status
• OAuth app access and third-party permissions
• Drive sharing settings and external access
• Security investigation tool reports

Evidence Collected:

• System log events and admin activities
• MFA factor enrollment reports
• Application assignment and access policies
• User provisioning and deprovisioning logs
• Password and authentication policies

Evidence Collected:

• Sign-in and audit logs
• Conditional access policy configurations
• MFA registration and usage reports
• Guest user access reviews
• Microsoft Secure Score assessments

Evidence Collected:

• Repository access permissions and collaborators
• Branch protection rule configurations
• Pull request and code review requirements
• Dependabot and security advisory alerts
• Audit log events and SAML SSO status

Evidence Collected:

• Project and group member access
• Merge request approval rules
• CI/CD pipeline configurations
• Container registry vulnerability scans
• Audit events and compliance reports

Evidence Collected:

• Issue and change request workflows
• Project role and permission schemes
• Audit logs for configuration changes
• Sprint and release documentation
• User access and group memberships

Evidence Collected:

• Workspace audit logs and access logs
• App and integration permissions
• Data retention and export settings
• External sharing and guest access
• Enterprise Grid security settings

Evidence Collected:

• Teams admin center audit logs
• Guest access and external sharing settings
• App permission policies and approvals
• Meeting policies and recording settings
• Sensitivity labels and information barriers

Evidence Collected:

• Account and admin activity reports
• Meeting security settings and defaults
• Recording storage and access controls
• SSO and authentication configurations
• User role and privilege assignments

Evidence Collected:

• Endpoint protection deployment status
• Detection and prevention events
• Sensor health and update compliance
• Incident investigation timelines
• Policy configurations and exceptions

Evidence Collected:

• Dashboard and alert configurations
• Log retention and access policies
• Security monitoring rules and signals
• User access and API key management
• Compliance and audit trail reports

Evidence Collected:

• Index and source type configurations
• Saved searches and alert actions
• User access and role-based permissions
• Data retention and archival policies
• Compliance and audit reports

Evidence Collected:

• Database user and role configurations
• Network access and IP whitelisting
• Encryption at rest and in transit settings
• Audit log configurations and exports
• Backup and point-in-time recovery settings

Evidence Collected:

• Security group and network ACL rules
• Encryption configuration and key management
• Parameter group security settings
• IAM database authentication status
• Slow query and general logs

Evidence Collected:

• User and role configurations
• Data sharing and marketplace policies
• Network policies and private connectivity
• Query history and access patterns
• Masking and row access policies