Enterprise procurement gate

SOC 2 Type II for AI systems.
Close enterprise deals faster.

SOC 2 Type II readiness kit — £999 one-time + £199/mo monitoring (optional)

Enterprise buyers demand SOC 2 Type II. We map every trust services criterion to the realities of generative AI — prompt injection, model supply chain, inference monitoring, and data residency — so your audit passes the first time.

AI-specific controls auditors now ask for

Prompt injection and adversarial-input monitoring.
Model supply-chain provenance (SBOM + SLSA).
Training-data privacy and confidentiality classification.
Hallucination and output drift detection for high-stakes use cases.

Book free readiness check Compare ISO 27001 See all protocols

Choose your tier

SOC 2 Quick Start

£9one-time

30-question readiness assessment and a one-page gap summary.

Get £9 Quick Start

SOC 2 Type II Kit

£999one-time

Pre-mapped controls, policies, evidence templates, and one signed readiness attestation.

Buy — £999

Audit-Prep Bundle

£4,950one-time

Kit + 2-day engagement + mock auditor review + 90-day support.

Buy Audit-Prep — £4,950

Enterprise

£1,499/month

Continuous control monitoring, quarterly evidence refresh, and unlimited attestations.

Talk sales — £1,499/mo

What's covered

CC6.1 + CC6.6 access & change control

Identity governance, least-privilege role matrix, and immutable change logs for model deployments, prompt templates, and infrastructure.

CC7.2 anomaly detection for AI

Monitoring rules tuned to generative AI risks: prompt injection spikes, data exfiltration patterns, model drift, and unauthorised API keys.

CC8.1 change management

Versioned model releases, rollback playbooks, signed attestation per deployment, and automated evidence collection for the audit window.

Privacy & confidentiality mapping

Data classification, retention schedules, encryption at rest and in transit, and sub-processor governance aligned to SOC 2 privacy criteria.

Why this matters now

Enterprise buyers now require SOC 2 Type II before procurement. A ‘SOC 2 in progress’ slide no longer closes deals.

AI systems add novel controls: prompt injection, model supply chain, training data provenance, and hallucination monitoring. Generic SOC 2 templates miss them.

Audit windows are 3-12 months. Front-loading evidence collection shortens the observation period and reduces auditor follow-ups.

A single failed control can restart the clock. The kit ties every TSC to pre-written policies, evidence owners, and automated tests.

Frequently asked questions

Does SOC 2 apply to AI companies?

Yes. SOC 2 applies to any organisation that stores, processes, or transmits customer data. For AI companies, the audit scope must include model hosting, prompt logging, inference APIs, training data handling, and third-party model providers.

How long does SOC 2 Type II take?

Type I can be achieved in 4-8 weeks. Type II requires an observation period of at least 3 months (often 6-12 months). The kit compresses readiness by providing pre-mapped controls, policies, and evidence templates.

Which trust services categories are covered?

The kit covers Security (common criteria), Availability, Confidentiality, and Privacy. Processing Integrity is available as an add-on for systems that perform automated transactions or calculations.

Can MEOK integrate with our existing compliance tooling?

Yes. We export evidence to Vanta, Drata, Sprinto, AuditBoard, and ServiceNow GRC formats. The HMAC-signed attestation can also be referenced directly in your trust centre.

What evidence does the auditor actually see?

Policy documents, access reviews, change tickets, monitoring screenshots, penetration-test results, encryption certificates, sub-processor agreements, and signed control attestations. The kit organises these by TSC and audit period.

Need an information-security baseline first?

See the ISO 27001 kit →

MEOK AI Labs · CSOAI LTD · UK Companies House 16939677

CSOAI

Initializing...

SOC 2 Type II for AI systems.
Close enterprise deals faster.

SOC 2 Type II readiness kit — £999 one-time + £199/mo monitoring (optional)

AI-specific controls auditors now ask for

Prompt injection and adversarial-input monitoring.
Model supply-chain provenance (SBOM + SLSA).
Training-data privacy and confidentiality classification.
Hallucination and output drift detection for high-stakes use cases.

Choose your tier

SOC 2 Quick Start

£9one-time

30-question readiness assessment and a one-page gap summary.

Get £9 Quick Start

SOC 2 Type II Kit

£999one-time

Pre-mapped controls, policies, evidence templates, and one signed readiness attestation.

Buy — £999

Audit-Prep Bundle

£4,950one-time

Kit + 2-day engagement + mock auditor review + 90-day support.

Buy Audit-Prep — £4,950

Enterprise

£1,499/month

Continuous control monitoring, quarterly evidence refresh, and unlimited attestations.

Talk sales — £1,499/mo

What's covered

CC6.1 + CC6.6 access & change control

Identity governance, least-privilege role matrix, and immutable change logs for model deployments, prompt templates, and infrastructure.

CC7.2 anomaly detection for AI

Monitoring rules tuned to generative AI risks: prompt injection spikes, data exfiltration patterns, model drift, and unauthorised API keys.

CC8.1 change management

Versioned model releases, rollback playbooks, signed attestation per deployment, and automated evidence collection for the audit window.

Privacy & confidentiality mapping

Data classification, retention schedules, encryption at rest and in transit, and sub-processor governance aligned to SOC 2 privacy criteria.

Why this matters now

Enterprise buyers now require SOC 2 Type II before procurement. A ‘SOC 2 in progress’ slide no longer closes deals.

AI systems add novel controls: prompt injection, model supply chain, training data provenance, and hallucination monitoring. Generic SOC 2 templates miss them.

Audit windows are 3-12 months. Front-loading evidence collection shortens the observation period and reduces auditor follow-ups.

A single failed control can restart the clock. The kit ties every TSC to pre-written policies, evidence owners, and automated tests.

Frequently asked questions

Does SOC 2 apply to AI companies?

How long does SOC 2 Type II take?

Which trust services categories are covered?

The kit covers Security (common criteria), Availability, Confidentiality, and Privacy. Processing Integrity is available as an add-on for systems that perform automated transactions or calculations.

Can MEOK integrate with our existing compliance tooling?

Yes. We export evidence to Vanta, Drata, Sprinto, AuditBoard, and ServiceNow GRC formats. The HMAC-signed attestation can also be referenced directly in your trust centre.

What evidence does the auditor actually see?

Need an information-security baseline first?

See the ISO 27001 kit →

MEOK AI Labs · CSOAI LTD · UK Companies House 16939677

SOC 2 Type II for AI systems.Close enterprise deals faster.

Choose your tier

What's covered

Why this matters now

Frequently asked questions

SOC 2 Type II for AI systems.Close enterprise deals faster.

Choose your tier

What's covered

Why this matters now

Frequently asked questions

SOC 2 Type II for AI systems.
Close enterprise deals faster.

SOC 2 Type II for AI systems.
Close enterprise deals faster.