SOC 2 Control Mapping Matrix

This page maps Stratosphere’s PACT cryptographic integrity layer to SOC 2 Trust Services Criteria. It is intended to support audit preparation by showing how system capabilities align to control objectives.

Important: Stratosphere does not certify SOC 2 compliance. This mapping describes how the platform supports evidence collection for SOC 2 Type II audits.

Control Mapping Overview

| SOC 2 Category | Control Objective | PACT Capability | Audit Value |
| --- | --- | --- | --- |
| Security (CC6 / CC7) | Access control and system protection | Role-based access logging + cryptographic event tracking | Verifiable record of who accessed what and when |
| Security (CC6) | Logical access enforcement | RBAC + immutable administrative event logging | Evidence of access restrictions and enforcement |
| Availability (CC7) | System availability and monitoring | Operational event logging + integrity chaining | Reliable uptime and incident traceability evidence |
| Processing Integrity (CC7) | Complete and accurate processing | Sequential event hashing + tamper detection | Proof that records were not altered or reordered |
| Confidentiality (CC6) | Protection of sensitive information | Encrypted workflows + access-scoped logging | Evidence of controlled access to sensitive operations |
| Change Management (CC8) | Controlled system changes | Cryptographically signed change events | Audit trail of system and configuration changes |

How PACT Strengthens SOC 2 Audits

SOC 2 audits require evidence that controls operated effectively over time. PACT enhances this by ensuring that operational data used as evidence is:

What This Does NOT Do

PACT does not replace SOC 2 audits, issue certifications, or guarantee compliance outcomes. Organizations remain responsible for implementing and operating SOC 2 controls within their environment.

Use in Audit Preparation

This mapping is typically used by: