
SOC 2

What Escape tests against the SOC 2 Trust Services Criteria, and how to use the SOC 2 block in reporting.

What We Cover

SOC 2 is an attestation framework built on the AICPA Trust Services Criteria, not a prescriptive checklist: each organization defines its own controls and the auditor tests them against the criteria. Escape maps findings to the criteria that an application-layer security test can actually evidence:

  • Security (CC6, CC7): vulnerability management, access controls, security event detection. Every DAST and AI Pentesting finding rolls up here.
  • Availability (A1): findings that threaten uptime (denial-of-service primitives, resource exhaustion bugs).
  • Processing Integrity (PI1): integrity bugs, IDOR, mass assignment, and business-logic findings that alter outputs.
  • Confidentiality (C1): sensitive-data exposure, including unencrypted transport and over-disclosure of PII.

The full control-to-test mapping is rendered inside the app under Frameworks -> SOC 2.

How to Enable

  1. Turn on the SOC 2 framework under Organization Settings -> Compliance.
  2. Attach the SOC 2 block to the reports you hand to your auditor.
  3. Apply the SOC 2 asset tag to the in-scope assets so the Compliance Matrix filters to those systems only.

What the Report Contains

For each enabled (tagged) asset, the block lists every relevant Trust Services Criterion, the security tests mapped to it, the findings in scope, and a pass / fail posture. Export it as a PDF or as a CSV evidence pack. The block is evidence for the technical controls under those criteria; the auditor still tests the surrounding policies, procedures and access reviews separately.