SOC 2 for platform teams
This is a thin hub for teams who hear “SOC 2” and need to know where to read in this library. Deep framing lives in Compliance quick reference for SREs (matrix + checklists) and Audit fieldwork and evidence for engineers.
Not legal or audit advice. Your GRC owners map Trust Services Criteria to actual controls.
If you need …
| You need | Start here |
|---|---|
| CI/CD change and access evidence | Compliance and audit |
| What auditors often ask engineers | Audit fieldwork and evidence for engineers |
| Checklists across frameworks (including SOC 2) | Compliance quick reference for SREs |
| Scanning and gates | Security scanning (DevSecOps) |
| Kubernetes production posture | Production platform checklist |
| Identity and secrets | AWS IAM, AWS secrets, Kubeconfig and authentication |
| Broader DevSecOps routing | DevSecOps overview |
Related
- Security overview
- CIS controls and cloud benchmarks — Different lens (benchmarks vs SOC 2), often used together in cloud programs.