SOC 2 Controls
Anima provides built-in SOC 2 Type II controls and automated evidence collection for AI agent operations. The platform maps its security features to Trust Service Criteria, making audit preparation straightforward.Trust Service Criteria Mapping
Anima covers controls across all five Trust Service Categories:Security (Common Criteria)
| Control ID | Control | Anima Feature |
|---|---|---|
| CC6.1 | Logical access security | Pod isolation, API key scoping |
| CC6.2 | Authentication mechanisms | DID-based auth, API key rotation |
| CC6.3 | Authorization and access controls | Role-based permissions, budget guards |
| CC6.6 | System boundary protections | Pod network isolation, MCC controls |
| CC7.1 | Monitoring for anomalies | Anomaly detection, behavioral baselines |
| CC7.2 | Activity monitoring and alerting | Audit log, SIEM integration |
| CC7.3 | Evaluating security events | Quarantine, incident response workflows |
| CC8.1 | Change management | API versioning, configuration audit trail |
Availability
| Control ID | Control | Anima Feature |
|---|---|---|
| A1.1 | Capacity management | Pod resource limits, rate limiting |
| A1.2 | Recovery procedures | Automated backups, disaster recovery |
Confidentiality
| Control ID | Control | Anima Feature |
|---|---|---|
| C1.1 | Identification of confidential data | Vault encryption, secret classification |
| C1.2 | Disposal of confidential data | Vault secret expiration, secure deletion |
Viewing Controls Status
- Tab Title
- Tab Title
- Tab Title
Evidence Collection
Anima automatically collects evidence for each control from audit logs, configurations, and system state:Evidence Types
| Type | Description |
|---|---|
configuration | System configuration snapshots proving control state |
audit_event | Audit log entries demonstrating control enforcement |
policy_document | Automatically generated policy documentation |
test_result | Results of automated control tests |
access_review | Periodic access review records |
Continuous Monitoring
Controls are continuously evaluated, not just at audit time:API Reference
| Endpoint | Method | Description |
|---|---|---|
https://api.useanima.sh/api/compliance/soc2/controls | GET | List all SOC 2 controls and status |
https://api.useanima.sh/api/compliance/soc2/controls/:id | GET | Get a specific control |
https://api.useanima.sh/api/compliance/soc2/evidence | GET | Query evidence by control and date |
https://api.useanima.sh/api/compliance/soc2/evidence/export | POST | Export evidence package |
https://api.useanima.sh/api/compliance/soc2/monitoring | PUT | Configure continuous monitoring |
https://api.useanima.sh/api/compliance/soc2/dashboard | GET | Get compliance dashboard data |
Configuration
| Variable | Default | Description |
|---|---|---|
ANIMA_SOC2_EVALUATION_INTERVAL | 1h | Control evaluation frequency |
ANIMA_SOC2_EVIDENCE_RETENTION_DAYS | 730 | Evidence retention period (2 years) |
ANIMA_SOC2_ALERT_ON_FAILURE | true | Alert when a control starts failing |
Next Steps
- Compliance Reporting — Generate audit-ready reports
- Audit Log — Underlying event data for evidence
- Anomaly Detection — CC7.x control implementation
