AICPA Trust Service Criteria mapped, evidence captured continuously from your cloud and identity stack, Type I or Type II ready, and the same data model as your ISO 27001 ISMS so an audit cycle answers both reports.
Trust Service Criteria covered (Security mandatory, A/PI/C/P optional)
Type I point-in-time and Type II over observation period
Shared controls feed SOC 2 and ISO 27001 from one workspace
SOC 2 Type II requires evidence of controls operating effectively over a period of time, typically 6 to 12 months. KaitoSec connects to your cloud providers, identity systems, and developer tools to collect evidence automatically, so you are always audit-ready.
A Type I report confirms your controls are suitably designed at a point in time. A Type II report covers operating effectiveness over an observation period. KaitoSec supports both, with a clear pathway from your first Type I to ongoing Type II readiness.
Turn your compliance posture into a sales asset with a KaitoSec Trust Center. Share your SOC 2 report, security policies, and subprocessor list with prospects under NDA, giving your sales team a faster path through security reviews.
Map your existing controls to all five Trust Service Criteria: Security (CC), Availability (A), Processing Integrity (PI), Confidentiality (C), and Privacy (P). KaitoSec shows which criteria your auditor is examining and what evidence is required for each.
KaitoSec integrates with AWS, GCP, Azure, GitHub and Okta to pull configuration evidence automatically. Access reviews, encryption status, and vulnerability scans are captured without any manual screenshots or exports.
Invite your CPA firm to a dedicated workspace where they can review evidence, raise requests, and mark controls as tested. Audit fieldwork happens inside KaitoSec: no email chains, no shared drives, and no confusion about which evidence version is current.
Built on open catalogs: BSI, MITRE, OWASP, ENISA