Framework

SOC 2 Mapping and Exports

Use SOC 2 as a structured way to organize controls and evidence. Export a mapping snapshot and evidence bundle when a reviewer needs traceability.

Get a 15-Minute Walkthrough View a Sample Reviewer Export

What This Covers

What This Covers

Framework Summary

High-level mapping of the SOC 2 Trust Services Criteria to Aurora controls. This template is designed for operational readiness (security reviews, SOC 2 Type II programs, and continuous evidence). It focuses on what auditors expect to see in practice: governance, risk management, access controls, monitoring, change management, incident response, availability, and vendor oversight.

Catalog Entry
Type: Framework
Publisher: AICPA (Trust Services Criteria)
Versions: 1
Jurisdictions: US
Coverage (Representative Version)
Requirements
13
Mapped Controls
53
Evidence Specs
128
Automation Tests
170
Exports
  • Mapping snapshot (PDF)
  • Reviewer-ready export (PDF/ZIP)
  • Evidence bundle (ZIP)
  • Coverage verdict report (where enabled)
Plan Note

Framework availability and the number of active frameworks varies by plan. See Plan Limits.

Versions

Supported Versions and Coverage Stats

Aurora's catalog can include multiple published versions of a standard or regulation. Select the version that matches your reviewer request.

tsc-mapping-v1
View Source
Requirements
13
Mapped controls
53
Evidence specs
128
Automation tests
170

How It Works

How Aurora Uses SOC 2

Map requirements to controls once, reuse mapping across reviews, attach evidence and policies, and export traceability on demand.

Scope and Control Mapping
  • Map requirements to Aurora controls
  • Assign owners and approval gates
  • Keep decisions tied to exports
Evidence and Freshness
  • Attach artifacts to controls and answers
  • Track capture dates and expiration
  • Export evidence bundles with clear source details
Reviewer-Ready Exports
  • Generate reviewer-ready exports and evidence bundles
  • Produce point-in-time snapshots for audit windows
  • Keep citations attached so reviewers can verify
Controlled Sharing
  • Share curated artifacts through a Trust Center
  • Gate access with tier rules and agreements
  • Export access logs for audit trails

Next Step

See How This Maps to Your Next Reviewer Request

Use Exports to Align on Scope
Start with the deliverable reviewers accept, then map backward to the controls and evidence you need.
Bring One Request, Get a Plan
We will map the shortest path: required controls, evidence objects, integrations, and the export format reviewers expect.
Get a 15-Minute Walkthrough

FAQ

SOC 2 Questions

Can We Use This Framework Alongside Another One?
Yes, by plan. Many teams maintain one baseline and reuse evidence across frameworks.
Do You Provide an Auditor Opinion?
No. Aurora provides exports and traceability. Auditors and assessors remain independent.
Next step
Want a Mapping Snapshot for SOC 2?
Bring one reviewer ask. We’ll show the export format and what’s already ready from your current evidence.
Get a 15-Minute Walkthrough View a Sample Reviewer Export
No obligation. We respond within one business day. We will show a sample reviewer-ready export.