C1.1
gapC1.1 Confidentiality Commitments readiness
Severitate 5; lipsesc 3 tipuri de evidenta in esantionul public curent.
PREVIEW PUBLICsoc_2Aliniat: 2026-03-14
SOC 2 Readiness
A readiness pack for organisations that need to show disciplined trust-service control evidence before any formal SOC examination.
Aceasta pagina este un wrapper public-sigur peste artefactele reale. Arata forma de review si postura pack-ului curent fara a face public implicit pachetul complet.
Pentru cine este
- SaaS teams preparing for buyer scrutiny, trust reviews, or a future SOC 2 journey.
- Economic buyers or auditors who need to inspect control evidence quality, not marketing summaries.
- Operators who want a repeatable baseline across governance, access, monitoring, and change practices.
Civitas preview document
SOC 2 Readiness
Preview public derivat din pack-ul real. Include sumar de reviewer, controale reprezentative, gap-uri reprezentative si posturi de artefact.
Pack ID: PACK-001
Aliniere publica: 2026-03-14
Sursa publica: Specimen public canonic
Verificare: OK
Controale totale
100
Gap-uri vizibile
100
Claim-uri
2
Verificator
15
Reviewer summary
Structura artefactelor este verificata, dar sample-ul curent ramane gap-heavy: 100 din 100 controale sunt marcate gap in output-ul actual public.
Scope-ul declarat este "Vendor security control assessment", iar out-of-scope-ul declarat este "Penetration testing and red teaming". Acesta este un preview public, nu control matrix-ul complet.
Postura curenta
Structura verificata
Context public: Preview curatoriat peste artefactele reale
Boundary: Pack complet retinut pentru customer delivery
Artefacte sigilate: 6
Model verify: Confirmare locala a pack-ului complet
Controale reprezentative
| ID | Obiectiv | Severitate | Status |
|---|---|---|---|
| CC1.1 | Demonstrate that control environment is defined, operated, and reviewable with reproducible local evidence. | 4 | gap |
| CC1.2 | Demonstrate that control environment is defined, operated, and reviewable with reproducible local evidence. | 5 | gap |
| CC1.3 | Demonstrate that control environment is defined, operated, and reviewable with reproducible local evidence. | 4 | gap |
Gap-uri reprezentative
C1.3
gapC1.3 Confidentiality Commitments readiness
Severitate 5; lipsesc 3 tipuri de evidenta in esantionul public curent.
C1.5
gapC1.5 Confidentiality Commitments readiness
Severitate 5; lipsesc 3 tipuri de evidenta in esantionul public curent.
Bloc de artefacte de esantion
Decision preview
HTML/PDF complet exista in pachetul real. Aici expunem doar cover-ul, sumarul si postura de reviewer.
Integritate si verificare
Verifier OK: da; 15 intrari verificate; 6 artefacte sigilate.
Boundary public
Control matrix-ul complet, evidenta completa, runlog-ul complet si pack.zip-ul brut raman in context intern sau customer delivery.
Ce ajuta sa produci
- A reviewer-ready proof set tied to Common Criteria style themes and deterministic outputs.
- A practical readiness baseline for customer trust conversations and internal remediation planning.
- A portable artifact set for re-checking in the viewer and external review workflows.
Ce acopera la nivel inalt
- Governance, risk, access, monitoring, vendor oversight, and change-discipline themes.
- Evidence-backed claims that surface where readiness is strong, partial, or missing.
- Decision outputs suitable for technical review and economic-buyer trust review.
Ce nu revendica
- A SOC 2 report, attestation opinion, or CPA-issued examination result.
- A replacement for formal scoping, control-design validation, or auditor procedures.
Artefacte complete in customer delivery
DecisionPack.html
Browser-readable decision surface for reviewer inspection.
DecisionPack.pdf
Print-ready decision pack for procurement, audit, and leadership review.
DecisionPack.manifest.json
Artifact manifest and pack metadata for traceability.
DecisionPack.seal.json
Deterministic seal metadata for integrity review.
pack.zip
Pack archive delivered for local inspection and replay.
verify.json
Verifier output expected to resolve to a passing state on a valid public pack.
SHA256.txt
Checksums for reviewer-side integrity confirmation.
Aceste artefacte raman reale si neschimbate. Diferenta este doar de expunere publica: preview-ul este implicit, nu dump-ul complet.
CTA relevante
Preview-ul public demonstreaza forma reala a produsului. Pachetul complet, mapping-ul complet si livrarea completa raman disponibile in contextul de customer delivery sau demo controlat.