Skip to content
Framework mapping

Stay ready for SOC 2 reviews

Map SOC 2 to the controls and evidence your team already manages, keep the record current between cycles, and answer examiners, auditors, and buyers with traceable proof the moment they ask for it.
Request a 15-minute walkthrough Browse the library
13
Requirements
53
Mapped controls
143
Evidence specs
170
Test assertions
18
Sources
16
Domains
9%
Automated
Published by AICPA (Trust Services Criteria)Latest: Current Aurora mappingMapping updated Feb 18, 20261 jurisdictionView official source
US

Evidence automation

How SOC 2 Evidence Gets Collected

Aurora maps framework requirements to evidence specifications with defined collection methods, cadence, and integration sources.

Collection methods
143evidence specs defined
13automated9%132manual
Collection cadence
145 scheduled
5P3Y14P1Y1P3M2P6M10Daily1Weekly2Monthly22Quarterly21Semi-annual67Annual
Connected sources
18
AwsAzureGcpGithubGoogle WorkspaceIntuneJamf ProJumpcloudKnowbe4Microsoft Entra M365OktaQualysRipplingSplunk Hec ReceiverTenable IoTrinetWizWorkday

Control depth

Control Domains Mapped for SOC 2

Each mapped control carries evidence specifications, test assertions, and implementation guidance. Overlapping controls are reused across frameworks.

53of 88
Aurora controls mapped
Coverage
60%
Control domains
16 domains
Access Control
7
Governance
6
Vendor Management
5
Business Continuity
5
Data Protection
5
Secure Software Development
4
Privacy
4
Physical Security
3
Training & Awareness
2
Risk Management
2
Monitoring
2
Configuration Management
2
Vulnerability Management
2
Incident Response
2
Network Security
1
Change Management
1

At a glance

What Teams Need to Know About SOC 2

Best for

Programs that need state or regulator-specific proof mapped into the same control and evidence system they already maintain.

Reviewers expect

Mapped requirements, linked evidence, approval history, and structured exports for SOC 2 reviews.

Where teams stall

Rebuilding control mappings and chasing evidence for each SOC 2 review cycle instead of reusing a current record.

Governed exports
  • Control matrix
  • Evidence package
  • Reviewer portal access
  • Audit-period exports

Lifecycle signals

How Aurora Keeps SOC 2 Current

Automated signals track evidence freshness, detect coverage gaps, and surface upcoming deadlines so teams stay ahead of review windows.

Evidence freshness tracking

Alerts when evidence artifacts approach expiration

Automation gap detection

Identifies controls without automated evidence collection

Training assignments

Links training requirements to framework controls

Assessment readiness

Tracks question coverage and approved answers

Calendar deadlines

Review window and renewal date tracking

Incident response timelines

Regulatory notification and response window tracking

Remediation tracking

Gap-to-fix workflows with owner assignment

Policy governance

Approval workflows, version tracking, and clause mapping

From request to handoff

How Teams Stay Review-Ready Between Cycles

Aurora turns one named framework request into a repeatable operating motion your team can maintain between audits, buyer reviews, and renewals.

01
Scope the exact version
Start with the SOC 2 version your reviewer or buyer already asked for so the record matches the request in front of you.
02
Reuse the controls you already trust
Map overlapping requirements to the same governed control library instead of rebuilding the program around one framework.
03
Keep proof current between cycles
Attach evidence with owners, freshness expectations, and reminders so the package stays current while the business keeps moving.
04
Capture approvals and decisions
Keep policy approvals, exceptions, and review history linked to the same record so reviewers see the operating context, not just files.
05
Hand off a clean reviewer package
Share structured access or export a scoped package with mappings, evidence context, and timestamps already intact.
See It with Your FrameworkCompare Plans

Supported versions

Mapped Versions of SOC 2

Latest
Current Aurora mapping
Source
13
Requirements
53
Controls
143
Evidence
170
Tests
18
Sources
16
Domains
Framework request

Don't See Your Framework?

If a framework, regulation, or customer requirement is blocking your deal, bring it. We scope feasibility, assess overlap with your existing program, and map a rollout path, usually in one call.

Step 1
Share the requirement

Name the framework, version, and review timeline so we confirm scope before anything else.

Step 2
We assess the overlap

Your existing controls, evidence, and mappings in Aurora are compared against the new requirement to quantify what carries over.

Step 3
Get a clear answer

Leave the call with a feasibility decision, rollout timeline, and next steps. Not a follow-up form.

Discuss Framework CoverageBrowse All Frameworks

Common questions

SOC 2 Questions, Answered Plainly

How does this fit alongside the frameworks we already run?
Aurora maps each framework into the same governed control and evidence system, so teams expand coverage without rebuilding the entire record.
How quickly can we support the next review cycle?
Tell us about the framework version and review window you need to support. Aurora helps your team move from mapped controls to traceable proof without rebuilding the package from scratch.
What does the reviewer actually receive?
Reviewers get structured access to the mapped record, linked evidence, approvals, and point-in-time exports instead of a loose collection of attachments.
Does Aurora replace the auditor or assessor?
No. Aurora keeps the work current, traceable, and ready to share. Auditors, assessors, and regulators remain independent.

Aurora does not guarantee certification, audit outcomes, or reviewer decisions. It organizes, tracks, and shares the evidence and mappings your team maintains.

Live walkthrough
Preparing for SOC 2 review?
Share the version your reviewer asked for. We will show how Aurora maps SOC 2 into your existing control library, keeps evidence current, and gives reviewers a clean handoff.
Request a 15-minute walkthrough
Browse integrations
15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)