10 Documents. 12 AI-Specific Controls. Audit-Ready.

Your Enterprise Prospect Asked for SOC 2. Standard Playbooks Miss the AI Part.

Standard SOC 2 prep tools get you 70% of the way - but they were written before AI existed. The other 30% is what your auditor actually cares about: how you handle training data, tenant isolation, prompt injection, and model vendor management. This kit covers both.

What Generic SOC 2 Templates Miss

SOC 2 was designed for traditional cloud infrastructure. The Trust Services Criteria were written when "compute" meant virtual machines and "data processing" meant relational databases. Auditors have been applying these criteria to AI systems for the past few years, and the questions they're asking have evolved faster than the compliance tooling.

Training data governance is the most common gap. How do you document lawful basis for using personal data in model training? How do you demonstrate data minimization when your model was trained on a large corpus? How do you handle data deletion requests when the data affected model weights? These questions don't have clear answers in the standard SOC 2 criteria, but auditors are asking them for AI companies - and you need documented controls regardless.

Tenant isolation is another area where AI systems require additional evidence. For traditional SaaS, logical data separation is a database design question. For AI systems using shared model endpoints, shared context windows, or shared vector databases, the isolation question is architecturally different. Your auditor wants to see documentation of how you prevent cross-tenant contamination at the model layer, not just the database layer.

The 12 AI-specific controls in this kit were compiled from actual SOC 2 audit experience with AI companies - the questions auditors ask, the evidence they request, and the documentation that satisfies them. The evidence collection map tells you exactly what to collect for each of the 83 standard + 26 AI-specific items before your auditor asks for them.

What's Inside

Six deliverables covering standard SOC 2 prep and the AI-specific controls your auditor will actually ask about.

12 AI-Specific SOC 2 Controls Guide

3,800 words. The 12 controls your auditor will ask about that aren't in any standard playbook. Each mapped to Trust Services Criteria.

86-Item Scored Readiness Assessment

All 5 Trust Services categories plus an AI Security section with 14 AI-specific questions. Weighted scoring tells you exactly where you stand.

12 Security Policies

Information Security, Access Control, Change Management, Incident Response, Risk Management, Data Classification, Vendor Management, Business Continuity, HR Security, Asset Management, Encryption, Acceptable Use - all with AI provisions.

83-Item Evidence Collection Map

57 standard + 26 AI-specific evidence items. Organized by Trust Services Criteria so you know exactly what to collect and where it maps.

AI System Architecture Template

Fill-in-the-blank architecture doc for SOC 2 auditors. Data flow, model inventory, tenant isolation, vendor mapping. Auditors love this one.

Auditor Interview Prep

20+ AI-specific questions your auditor will ask, with guidance on answering each one. Walk into the readiness assessment confident.

Who This Is For

Built for the people who actually have to get this done.

Startup CTO

AI Startup Technical Leaders

Your biggest prospect just asked for your SOC 2 report and you don't have one yet. You need to move fast without missing the AI-specific controls that will trip you up in the audit.

Security Lead

First-Audit Security Teams

You've been tasked with SOC 2 readiness but your company ships AI products. Generic SOC 2 templates don't cover training data governance, prompt injection, or model vendor risk.

vCISO

vCISOs Serving AI Clients

Your AI startup clients need SOC 2 and you need deliverables that cover the AI angle. This kit gives you the policies, controls, and evidence maps ready to customize per client.

One-Time Purchase
$497

Everything you need to prepare for your SOC 2 audit - including the AI parts nobody else covers.

  • 12 AI-Specific SOC 2 Controls Guide (3,800 words)
  • 86-Item Scored Readiness Assessment
  • 12 Security Policies with AI provisions
  • 83-Item Evidence Collection Map (57 standard + 26 AI-specific)
  • AI System Architecture Template
  • Auditor Interview Prep (20+ AI-specific questions)
  • Single-user commercial license

Instant download. All documents in editable formats.

Questions

We haven't started SOC 2 yet - is this too advanced?

No, it's designed for companies starting from zero. The readiness assessment tells you where you are, and the policies give you what to implement.

Does this replace hiring an auditor?

No. You still need a CPA firm for the actual audit. This kit prepares you so the audit goes smoothly and you're not scrambling.

How is this different from generic SOC 2 templates?

12 AI-specific controls, AI-specific evidence items, and auditor interview prep for AI questions. Generic templates don't cover training data, prompt injection, or model vendor management.

Should we get Type I or Type II?

Type I confirms your controls are designed correctly at a point in time. Type II confirms they operated effectively over a period (typically 6–12 months). Enterprise prospects almost always ask for Type II. If you haven't started yet, plan for a Type I first - it's faster and serves as confirmation that your control design is audit-ready before the observation period begins. The readiness assessment in this kit is designed to prepare you for both.

Which Trust Services Categories are required?

Security (CC) is the only required TSC. Availability, Confidentiality, Processing Integrity, and Privacy are optional - but enterprise prospects in regulated industries (healthcare, finance, legal) often require Availability and Confidentiality at minimum. The readiness assessment covers all five categories with AI-specific questions in each. Choose your scope based on what your target customers ask for.

How long does the audit take from start to finish?

Type I: 2–3 months to prepare, 4–6 weeks for the audit itself. Type II: preparation plus a 6–12 month observation period before the audit. The total timeline from "we need SOC 2" to "we have the report" is typically 9–18 months depending on your starting state. This kit compresses the preparation phase by giving you the policies, evidence maps, and control documentation before you engage an auditor.

David A. Moline, CISSP | CISM

Your AI automation, built by someone who secures DoD systems.

Johns Hopkins IBM Google

Close Enterprise Deals Faster

Get audit-ready before your biggest prospect asks. SOC 2 prep with full AI coverage - policies, controls, evidence maps, and interview prep.
