SOC 2
An AICPA audit framework evaluating a service organization's controls across security, availability, processing integrity, confidentiality, and privacy.
In more detail
SOC 2 is the de facto trust framework for SaaS vendors selling into mid-market and enterprise customers. The audit examines five trust criteria, with security being mandatory and the other four optional based on what the service organization provides.
Type I attests that the controls are designed correctly at a point in time. Type II attests that the controls operated effectively over a period (typically six to twelve months). Most enterprise customers require Type II.
Where this shows up at Ceven
Ceven's SOC 2 evidence assembles itself from the platform's own audit log. Every agent action writes one hash-chained row, and the standard SOC 2 evidence packs lift directly from the row stream. The audit posture is built into the architecture rather than bolted on at attestation time.
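The hash-chained row stream described above can be sketched as follows. This is an added example, not Ceven's code: the row fields (`actor`, `action`, `ts`), the all-zero genesis value and the SHA-256 over canonical JSON encoding are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor used as prev_hash for the first row


def row_hash(prev_hash, payload):
    """SHA-256 over the previous row's hash plus a canonical JSON payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_row(log, payload):
    """Append one row whose hash commits to every row before it."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"payload": payload, "prev_hash": prev,
                "hash": row_hash(prev, payload)})
    return log[-1]["hash"]


def verify_chain(log, expected_head=None):
    """Return (ok, index_of_first_bad_row_or_None).

    expected_head is the last row hash as recorded outside the log store
    (for example in an earlier evidence pack). Without it, rows removed
    from the end of the log leave a chain that still verifies.
    """
    prev = GENESIS
    for i, row in enumerate(log):
        if row["prev_hash"] != prev or row["hash"] != row_hash(prev, row["payload"]):
            return False, i
        prev = row["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def build_sample_log():
    """Constructed sample rows, not real audit data."""
    log = []
    for n, action in enumerate(["read_ticket", "update_record", "send_email"]):
        append_row(log, {"actor": "agent-1", "action": action, "ts": 1700000000 + n})
    return log
```

An edited or deleted row is reported at the index where the chain first breaks; a truncated tail, or a log rewritten and rehashed from scratch, is only caught when the head hash is compared against a copy held outside the log store.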