Table of Contents

Reach SOC 2 Compliance in 6 Weeks or Less.

  /

  / AI Agents & Compliance: Managing Non-Human Access

AI Agents & Compliance: Managing Non-Human Access

78% of organizations have no formal policies for creating or removing AI agent identities, according to a 2026 report from the Cloud Security Alliance and Oasis Security. The same research found that 92% are not confident that their legacy identity and access management tools can handle the risks agents introduce. Those two numbers describe the problem in full: enterprises are deploying autonomous software that reads email, queries databases, and triggers actions across production systems, and most of them cannot say who authorized it, what it can touch, or how they would prove any of that to an auditor.

This is not a future problem. Agents are already operating inside regulated environments governed by the GDPR, HIPAA, SOX, and the EU AI Act. Every access decision an agent makes is a compliance event, whether or not anyone is logging it. This article covers what regulators actually expect, where traditional IAM falls short, and how to build an access framework for AI agents that survives an audit.

AI Agents and Compliance

Understanding the Compliance Landscape for AI Agents

Key Regulations Impacting AI Agent Access

No regulation says “AI agent” and then hands you a checklist. Instead, agents inherit obligations from every framework that governs the data and systems they touch.

Under the GDPR, an agent processing personal data triggers the full set of principles in Article 5: lawfulness, purpose limitation, data minimization, and accountability. If an agent makes decisions that produce legal or similarly significant effects on individuals, Article 22 restrictions on automated decision-making apply as well. HIPAA requires covered entities to implement access controls, audit controls, and integrity protections for electronic protected health information under the Security Rule, and an agent with access to ePHI is subject to the same technical safeguards as a human workforce member. SOX demands that access to financial reporting systems be controlled, segregated, and reviewable, which becomes genuinely difficult when an autonomous agent can touch the general ledger.

The EU AI Act adds an AI-specific layer, and its timeline is widely misunderstood. Following the Digital Omnibus agreement, obligations for standalone high-risk systems under Annex III were deferred to December 2, 2027. But the Article 50 transparency obligations still apply from August 2, 2026, meaning agents that interact with people in the EU must disclose their artificial nature on the original schedule. Treating the Omnibus as a blanket delay is one of the most common compliance mistakes being made right now.

Important: The Digital Omnibus deferred the high-risk regime, not the whole Act. If an AI agent interacts with users in the EU, the August 2, 2026, transparency requirements were not moved, and the AI Office’s enforcement powers go live on the same date. Do not stand down 2026 workstreams based on headlines about the 2027 deferral.

How AI Agents Create New Compliance Risks

Agents break the assumptions most compliance programs are built on. A human user requests access, receives a role, and behaves within a predictable envelope. An agent reasons about its own goals, chains tool calls across systems, and can attempt actions its designers never anticipated. It operates at machine speed and machine volume, so a misconfigured permission produces thousands of non-compliant data touches before anyone notices. And because agents frequently run on shared service accounts or borrowed OAuth tokens, attribution collapses: the audit log says the CRM was queried, but not by whom, for what purpose, or under whose authority.

The Gap Between Traditional IAM Compliance and Agentic AI

Traditional IAM assumes identities are stable, access needs are predictable, and behavior maps to a job description. None of that holds for agents. A 2026 Cloud Security Alliance survey found that 68% of organizations cannot reliably distinguish AI agent activity from human activity in their logs. For a compliance function, that is disqualifying. If you cannot separate agent actions from human actions, you cannot certify access, demonstrate segregation of duties, or respond to a data subject access request with confidence.

Core Compliance Requirements for AI Agent Access

Auditability and Traceability of Agent Actions

Every major framework converges on the same demand: show your work. For agents, a login timestamp is not enough. A defensible audit trail captures the full chain of custody for each action: which agent acted, which human or process delegated the authority, which tool or API was invoked, which data was accessed, and what the outcome was. Gartner’s 2026 Market Guide for what it calls “guardian agents” describes exactly this pattern of recording agent-to-tool-to-target chains for compliance reporting and incident response.

Data Protection and Privacy Obligations

Agents must operate inside the same data protection perimeter as everything else. That means Data Loss Prevention (DLP) controls apply to agent outputs, not just human uploads. It means an agent’s access to personal data needs a lawful basis, documented before deployment, not reverse-engineered after. And it means retention rules follow the data into whatever context window, vector store, or scratchpad the agent moves it into.

Separation of Duties in Autonomous Systems

Separation of duties exists so that no single actor can both commit and conceal an error or a fraud. A single agent granted permissions across procurement, approval, and payment reconstitutes exactly the toxic combination SOX controls were designed to prevent, except now it executes at machine speed. The control translates directly: no agent should hold permission sets that a human in the same process would be prohibited from combining, and multi-agent workflows need the same conflict analysis as human role assignments.

Consent, Purpose Limitation, and Data Minimization

Purpose limitation is the principle that agents most naturally violate. An agent given broad access “to be helpful” will use data collected for one purpose to accomplish another, because nothing in its architecture knows the difference. Compliance-ready agent access means scoping data access to the declared purpose of the task and enforcing that scope technically rather than hoping the system prompt holds.

Insider Note: In practice, the purpose limitation failures we see are rarely dramatic. They look like a support agent enriching a ticket with data pulled from the sales database, or a reporting agent summarizing HR records it was never meant to read. Each incident is small. Under GDPR, each is also a processing activity without a lawful basis, and they accumulate into an audit finding.

SOC 2, ISO 27001 and HIPAA done for you. Fixed fee, 100% audit pass rate.

Audit-ready in 6 weeks. Not 6 months.

Managing Access for AI Agents in a Compliant Way

Assigning Verifiable Identities to AI Agents

The foundational control is the simplest to state: every agent gets its own identity. No shared service accounts, no borrowed human credentials, no anonymous API keys. Each agent identity carries an owner (a named human accountable for it), a declared purpose, an access scope, and a lifecycle with a defined end. This is the Non-Human Identity (NHI) discipline that already governs service accounts and is extended with attributes agents specifically need: model version, delegation chain, and risk tier.

Applying Least Privilege and Just-in-Time Access

The Principle of Least Privilege does more compliance work for agents than any other single control. Standing privilege is where agent risk concentrates, because an always-on identity with broad permissions is a permanent attack surface and a permanent audit liability. The pattern that works is zero standing privilege with Just-in-Time grants: the agent receives narrowly scoped access at the moment a task requires it, and the grant expires when the task completes. This aligns directly with Zero Trust Architecture as defined in NIST SP 800-207, which treats every access request as untrusted until verified, regardless of who or what is asking.

Human-in-the-Loop Controls for High-Risk Actions

Not every action deserves autonomy. Human-in-the-Loop (HITL) checkpoints belong wherever an action is irreversible, touches regulated data categories, crosses a monetary threshold, or produces effects on individuals. A useful heuristic: require approval for any action the organization would require a second signature on if a human performed it.

Delegated Authority: When Agents Act on Behalf of Users

Most enterprise agents act on behalf of a specific person, and the access model must reflect that. Delegated authorization means the agent’s effective permissions are the intersection of its own scope and the delegating user’s entitlements, never more. OAuth 2.0 token exchange and emerging patterns around the Model Context Protocol (MCP) make this technically implementable: the agent carries a token that encodes both who it is and on whose behalf it acts. When the delegating user loses access, the agent’s derived access dies with it.

Pro Tip: Encode the Delegation Chain

Encode the delegation chain into the credential itself, not just the log. A token that asserts "agent X, acting for user Y, for purpose Z, expiring at T" turns attribution from a forensic reconstruction exercise into a property of every request. Auditors respond very differently to controls that are structural rather than procedural.

Building a Compliance-Ready Access Framework

Policy-as-Code for Consistent Enforcement

Written policy does not constrain software; enforced policy does. Policy-as-Code expresses access rules as machine-readable definitions evaluated at runtime, which gives compliance teams two things they have never had: guaranteed consistency between the documented control and the operating control, and version-controlled evidence of exactly what policy was in force at any moment in time. When an auditor asks what governed agent access was on a given date, the answer is a git commit, not a memo.

Mapping Agent Permissions to Regulatory Controls

Each agent’s permission should trace to the control framework it satisfies or threatens. An agent’s read access to customer records maps to GDPR Article 32 security measures and to SOC 2 logical access criteria. Its write access to a financial system maps to SOX ITGC change and access controls. This mapping turns access reviews from a technical exercise into a compliance one, and it produces the traceability matrix auditors ask for on day one.

Continuous Access Reviews and Certification

Quarterly access certification made sense when access changed quarterly. Agent access changes hourly. Continuous compliance for agents means automated detection of scope drift, unused permissions, expired ownership, and behavioral anomalies, with human certification reserved for exceptions and high-risk entitlements. The review cadence should follow the identity’s velocity, not the calendar.

Immutable Audit Logs for Regulatory Evidence

Agent audit logs must be tamper-evident, retained per the strictest applicable regime, and rich enough to reconstruct decisions, not just actions. Write-once storage, cryptographic chaining, or an append-only ledger all satisfy the requirement; a mutable database table that the agent itself can write to does not. The test is simple: could the log survive a challenge from a regulator who suspects it was edited after the incident?

Compliance Challenges Unique to AI Agents

Non-Deterministic Behavior and Accountability Gaps

The same agent, given the same task twice, may take different paths. That non-determinism collides with compliance frameworks that assume controls produce repeatable outcomes. The resolution is to shift assurance from the agent’s behavior to the boundary around it: you cannot certify what the model will decide, but you can certify what it is structurally capable of accessing. Deterministic guardrails around a non-deterministic core are the pattern regulators are converging on.

Multi-Agent Chains and Responsibility Attribution

When an orchestrator agent delegates to a research agent that calls a retrieval agent that touches a regulated dataset, responsibility smears across the chain. Without propagated context, the last agent’s log entry is meaningless. Every hop in a multi-agent chain must carry the originating identity, the delegation path, and the purpose, so the final data access can be attributed all the way back to a human owner.

Cross-Border Data Access and Jurisdictional Issues

An agent does not know it just moved personal data from Frankfurt to a us-east-1 inference endpoint. Transfer restrictions under GDPR Chapter V apply to agent-mediated flows exactly as they do to human-initiated ones, and data residency commitments in customer contracts do not contain an exception for context windows. Region-pinning inference, filtering data before it reaches the model, and logging data location at each hop are all becoming standard controls.

Shadow AI Agents and Ungoverned Access

The most dangerous agent is the one the compliance team does not know exists. Shadow AI now includes agents spun up by business units on SaaS platforms, embedded in procured software, or wired together by an enthusiastic employee with an API key. The 2026 CSA research on token sprawl found that more than 16% of organizations do not track the creation of AI-related identities at all. Discovery, not policy, is the first control: you cannot govern access you cannot see.

Worth Knowing: Shadow Agents

Shadow agents rarely arrive through the front door. The most common vectors are OAuth grants approved by individual users ("this app wants access to your calendar and files"), and agent features switched on inside SaaS tools the organization already licenses. Reviewing tenant-wide OAuth consents is often the fastest way to build a first agent inventory.

Demonstrating Compliance to Auditors and Regulators

Evidence Collection for AI Agent Activity

Auditors will ask for the same categories of evidence they ask for with human access: an inventory, an access matrix, provisioning and deprovisioning records, review attestations, and logs. The difference is volume and structure. Evidence collection for agents has to be automated at the source, with logs structured so that a sampled agent action can be traced from trigger to data access to outcome without manual archaeology.

Reporting on Access Decisions and Policy Violations

A mature program reports on denials as well as grants. Blocked actions, policy violations, HITL escalations, and overridden guardrails are the most persuasive evidence that controls operate, because they show the system saying no. Trend these over time, and they double as a risk signal: a rising violation rate on one agent usually means its scope, its prompt, or its task has drifted.

Aligning With NIST AI RMF and ISO/IEC 42001

Two frameworks give agent access governance a recognized structure. The NIST AI Risk Management Framework organizes the work into Govern, Map, Measure, and Manage functions, and its Govern function explicitly covers accountability structures and role definition, which is where agent ownership and delegation policy live. ISO/IEC 42001, the certifiable AI management system standard, requires organizations to control AI systems across their lifecycle, and access control evidence feeds directly into its operational controls. Organizations already holding ISO 27001 will find that 42001 extends the same management-system logic to AI, with agent identity and access as a natural bridge between the two.

Implementation Roadmap

Implementation Roadmap for Access Compliance

Step 1: Inventory All AI Agents and Their Access Scopes

Start with discovery across four surfaces: agents built in-house, agent features inside licensed SaaS, agents connected via OAuth or API keys, and automation platforms that now embed LLM steps. For each, record the owner, purpose, credentials, effective permissions, and the data categories reachable. Expect the inventory to be larger than anyone predicted. It always is.

Step 2: Define Compliance-Aligned Access Policies

Translate regulatory obligations into access rules: which data categories agents may touch, which actions require HITL approval, maximum privilege durations, delegation requirements, and prohibited permission combinations. Write these as Policy-as-Code from the start rather than as documents to be codified later.

Step 3: Deploy Runtime Enforcement and Monitoring

Move enforcement into the request path. Issue per-agent identities, replace standing credentials with JIT grants, insert policy evaluation at the gateway or MCP layer where agent tool calls flow, and stream every decision into the immutable log. Runtime enforcement is what separates a governance program from a governance binder.

Step 4: Establish Ongoing Governance and Review Cycles

Assign every agent a human owner with renewal obligations. Run continuous automated reviews with human certification for exceptions. Feed violations and incidents back into policy updates. And revisit the framework against the regulatory calendar, because between the EU AI Act’s staged deadlines and the steady expansion of state and sectoral AI rules, the obligations will not sit still.

SOC 2, ISO 27001 and HIPAA done for you. Fixed fee, 100% audit pass rate.

Audit-ready in 6 weeks. Not 6 months.

Conclusion

AI agents turn access management into the center of AI compliance. The organizations that will pass their audits are the ones that treat every agent as a first-class identity with an owner, a scope, a lifecycle, and a trail: least privilege enforced at runtime, delegation encoded in credentials, policy expressed as code, and evidence collected automatically. None of the underlying principles are new. Auditability, minimization, and separation of duties predate agents by decades. What is new is that they must now be enforced against software that reasons, at a speed and scale no quarterly review was designed for. Build the framework before the regulators, or the incident forces the timing.

Frequently Asked Questions

Do AI agents need their own identity for compliance purposes?

Yes, in practice. No regulation names agent identity explicitly, but the obligations regulations do impose (attribution, auditability, least privilege, and access certification) are unachievable when agents share credentials with humans or with each other. A distinct, owned, scoped identity per agent is the control that makes every other control possible.

Audit the boundary, not the reasoning. Capture the full chain for each action: triggering event, delegating identity, policy evaluated, tool invoked, data accessed, and outcome, in an immutable log. You cannot re-derive why a model chose a path, but you can demonstrate what it was permitted to do, what it actually did, and that the two matched.

Almost none, by name. The EU AI Act imposes transparency, human oversight, and logging duties that apply to agentic systems, with high-risk obligations under Annex III now applying from December 2, 2027, and Article 50 transparency duties from August 2, 2026. GDPR, HIPAA, SOX, and PCI DSS govern agent access indirectly through their data protection and access control requirements. NIST AI RMF and ISO/IEC 42001 provide the voluntary and certifiable frameworks that address agent governance most directly.

The organization deploying it, and within the organization, the named human owner of the agent. Regulators have shown no appetite for treating autonomy as a liability shield; under GDPR, the controller remains responsible for processing regardless of how automated it is. This is why human-to-agent attribution is a foundational control rather than a nice-to-have.

The principles are identical; the mechanics invert. Human compliance relies on stable identities, standing roles, and periodic review. Agent compliance requires ephemeral identities, zero standing privilege, runtime policy enforcement, and continuous review, because agents change faster, act faster, and behave non-deterministically. Controls that were procedural for humans must become structural for agents.

Partially, and confidence is low: 92% of organizations in the 2026 CSA and Oasis Security research doubted their legacy IAM could manage AI-driven identity risk. Existing IAM handles authentication and basic credential lifecycle. What it typically lacks is per-task JIT authorization, delegation-aware tokens, intent-based policy evaluation, and agent behavioral monitoring. Most organizations extend their IAM stack with agent-specific controls rather than replacing it.

Axipro Author

Picture of Pedro Dias

Pedro Dias

Pedro has been writing online for over 10 years. With experience in all things programming, cyber security, and compliance, he is our editor-in-chief at Axipro.

Blog Highlights

Explore More Articles

AI Agents and Compliance

78% of organizations have no formal policies for creating or removing AI agent identities, according to a 2026 report from the Cloud Security Alliance and Oasis Security. The same research found that 92% are not confident that their legacy identity and access management tools can handle the risks agents introduce. Those two numbers describe the problem in full: enterprises are deploying autonomous software that reads email, queries databases, and triggers actions across production systems, and most of them cannot say who authorized it, what it can touch, or how they would prove any of that to an auditor. This is not a future problem. Agents are already operating inside regulated environments governed by the GDPR, HIPAA, SOX, and the EU AI Act. Every access decision an agent makes is a compliance event, whether or not anyone is logging it. This article covers what regulators actually expect, where traditional IAM falls short, and how to build an access framework for AI agents that survives an audit. Understanding the Compliance Landscape for AI Agents Key Regulations Impacting AI Agent Access No regulation says “AI agent” and then hands you a checklist. Instead, agents inherit obligations from every framework that governs the data and systems they touch. Under the GDPR, an agent processing personal data triggers the full set of principles in Article 5: lawfulness, purpose limitation, data minimization, and accountability. If an agent makes decisions that produce legal or similarly significant effects on individuals, Article 22 restrictions on automated decision-making apply as well. HIPAA requires covered entities to implement access controls, audit controls, and integrity protections for electronic protected health information under the Security Rule, and an agent with access to ePHI is subject to the same technical safeguards as a human workforce member. SOX demands that access to financial reporting systems be controlled, segregated, and reviewable, which becomes genuinely difficult when an autonomous agent can touch the general ledger. The EU AI Act adds an AI-specific layer, and its timeline is widely misunderstood. Following the Digital Omnibus agreement, obligations for standalone high-risk systems under Annex III were deferred to December 2, 2027. But the Article 50 transparency obligations still apply from August 2, 2026, meaning agents that interact with people in the EU must disclose their artificial nature on the original schedule. Treating the Omnibus as a blanket delay is one of the most common compliance mistakes being made right now. Important: The Digital Omnibus deferred the high-risk regime, not the whole Act. If an AI agent interacts with users in the EU, the August 2, 2026, transparency requirements were not moved, and the AI Office’s enforcement powers go live on the same date. Do not stand down 2026 workstreams based on headlines about the 2027 deferral. How AI Agents Create New Compliance Risks Agents break the assumptions most compliance programs are built on. A human user requests access, receives a role, and behaves within a predictable envelope. An agent reasons about its own goals, chains tool calls across systems, and can attempt actions its designers never anticipated. It operates at machine speed and machine volume, so a misconfigured permission produces thousands of non-compliant data touches before anyone notices. And because agents frequently run on shared service accounts or borrowed OAuth tokens, attribution collapses: the audit log says the CRM was queried, but not by whom, for what purpose, or under whose authority. The Gap Between Traditional IAM Compliance and Agentic AI Traditional IAM assumes identities are stable, access needs are predictable, and behavior maps to a job description. None of that holds for agents. A 2026 Cloud Security Alliance survey found that 68% of organizations cannot reliably distinguish AI agent activity from human activity in their logs. For a compliance function, that is disqualifying. If you cannot separate agent actions from human actions, you cannot certify access, demonstrate segregation of duties, or respond to a data subject access request with confidence. Core Compliance Requirements for AI Agent Access Auditability and Traceability of Agent Actions Every major framework converges on the same demand: show your work. For agents, a login timestamp is not enough. A defensible audit trail captures the full chain of custody for each action: which agent acted, which human or process delegated the authority, which tool or API was invoked, which data was accessed, and what the outcome was. Gartner’s 2026 Market Guide for what it calls “guardian agents” describes exactly this pattern of recording agent-to-tool-to-target chains for compliance reporting and incident response. Data Protection and Privacy Obligations Agents must operate inside the same data protection perimeter as everything else. That means Data Loss Prevention (DLP) controls apply to agent outputs, not just human uploads. It means an agent’s access to personal data needs a lawful basis, documented before deployment, not reverse-engineered after. And it means retention rules follow the data into whatever context window, vector store, or scratchpad the agent moves it into. Separation of Duties in Autonomous Systems Separation of duties exists so that no single actor can both commit and conceal an error or a fraud. A single agent granted permissions across procurement, approval, and payment reconstitutes exactly the toxic combination SOX controls were designed to prevent, except now it executes at machine speed. The control translates directly: no agent should hold permission sets that a human in the same process would be prohibited from combining, and multi-agent workflows need the same conflict analysis as human role assignments. Consent, Purpose Limitation, and Data Minimization Purpose limitation is the principle that agents most naturally violate. An agent given broad access “to be helpful” will use data collected for one purpose to accomplish another, because nothing in its architecture knows the difference. Compliance-ready agent access means scoping data access to the declared purpose of the task and enforcing that scope technically rather than hoping the system prompt holds. Insider Note: In practice, the purpose limitation failures we see are rarely dramatic. They look like a support agent enriching a ticket with data pulled from the sales

SOC 2 Report vs. Certification

SOC 2 is not a certification, and no auditor will ever hand you a SOC 2 certificate. What you receive at the end of the audit is an attestation report: a detailed document, often 60 to 100 pages long, in which a licensed CPA firm expresses a professional opinion on your controls. That distinction sounds like pedantry until a prospect’s security team asks to see your “certificate” and you have nothing that looks like one. This article explains exactly what a SOC 2 report is, what it contains, how it differs from an ISO 27001 certificate, and how to talk about your SOC 2 status without misrepresenting it. Is SOC 2 a Certification or a Report? The Common Misconception About “SOC 2 Certification” Search volume tells the story: far more people look for “SOC 2 certification” than for “SOC 2 attestation,” and sales teams, procurement questionnaires, and even some auditors use the certification shorthand daily. The misconception is understandable. Every other major framework in the compliance stack, from ISO 27001 to PCI DSS, ends in something that looks like a pass. SOC 2 does not work that way, and treating it as if it does leads to awkward conversations during vendor due diligence. Why SOC 2 Is Technically an Attestation, Not a Certification A certification is a binary judgment issued by an accredited body: you meet the standard, or you do not. SOC 2 sits under the AICPA’s attestation standards, primarily SSAE 18 and its later amendments (SSAE 21 updated the relevant examination sections), specifically AT-C section 105 and AT-C section 205. Under those standards, an independent service auditor examines your controls and reports an opinion on them. Nobody “passes.” The auditor attests to what they found, in writing, with evidence. The output is a report, and the report is the entire deliverable. Understanding the SOC 2 Attestation Model What Is an Attestation Engagement? An attestation engagement is a formal examination in which a practitioner evaluates subject matter prepared by another party against defined criteria, then issues a written conclusion. In SOC 2, the subject matter is your system and its controls, the criteria are the AICPA’s Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy), and the party preparing the subject matter is you, the service organization. Security is the only mandatory category; the other four are scoped in based on your service commitments. The Role of the AICPA and Licensed CPA Firms The AICPA (American Institute of Certified Public Accountants) owns the SOC framework and the attestation standards behind it, but it does not perform audits and does not issue anything to your company. Only a licensed CPA firm can conduct a SOC 2 examination and sign the resulting opinion. That licensing requirement is the quality mechanism: the firm’s professional liability, independence rules, and peer review obligations stand behind the report. In practice, this means the assurance you get is only as strong as the auditor’s reputation and independence posture, which is why enterprise buyers often look at who signed the report almost as carefully as they look at what it says. How Attestation Differs from Certification and Accreditation The three terms describe different assurance models. Certification means an accredited certification body confirms conformity with a standard and issues a certificate, as happens with ISO 27001. Accreditation is one level up: it is the process by which national bodies, such as those coordinated through the International Accreditation Forum, authorize those certification bodies to certify in the first place. Attestation involves no certificate and no accreditation chain. A CPA firm examines evidence and expresses an opinion under professional standards. The credibility comes from the auditor’s license and independence, not from a badge. What You Actually Receive After a SOC 2 Audit The SOC 2 Attestation Report Explained The deliverable is a confidential, restricted-use document addressed to your management and intended for your customers, their auditors, and other informed parties. It is dense by design. A prospect’s risk team reads it to understand what your system does, which controls you operate, how the auditor tested them, and what the auditor found. It replaces a certificate with something far more useful: evidence. Key Components of the Final Report Independent service auditor’s opinion. The first section, usually two to three pages, states the auditor’s formal conclusion on whether your system description is fairly presented and whether your controls were suitably designed (and, for Type 2, operating effectively). This is the section report readers check first. Management’s assertion. A signed statement in which your leadership formally asserts that the system description is accurate and that controls meet the applicable criteria. SSAE 18 made this management assertion a mandatory element, which means responsibility for the description sits with you, not the auditor. System description. The longest narrative section was prepared by management against the AICPA’s SOC 2 description criteria. It covers the services provided, infrastructure, software, people, data, processes, subservice organizations, and complementary user entity controls. Trust Services Criteria and controls tested. A mapping of each in-scope criterion to the specific controls you operate. This is where scoping decisions become visible: a report covering Security only looks very different from one covering all five categories. Results of testing. For Type 2 reports, a control-by-control table showing the tests the auditor performed and the results, including any exceptions. Sophisticated readers spend most of their time here, because exceptions and the auditor’s response to them reveal more than the opinion page does. What a SOC 2 Report Is NOT (No Certificate, No Logo, No Pass/Fail Badge) There is no official SOC 2 certificate, no numbered credential, and no register of “certified” companies you can be listed in. The AICPA licenses a standard SOC logo that service organizations may display for a limited time after report issuance, but the logo confirms only that an examination took place. It says nothing about the opinion inside. Anyone selling you a “SOC 2 certificate” as a standalone artifact is selling something the framework does not produce. Important: If

SIG Lite What It Covers, When to Use It, and Where It Falls Short

The full SIG content library contains 1,936 questions. SIG Lite asks 128 of them. That difference is the entire point: most vendor relationships do not justify a multi-week questionnaire exchange, and SIG Lite exists so risk teams can run standardized due diligence on lower-risk vendors without burning analyst hours or vendor goodwill. What Is SIG Lite? SIG Lite is the streamlined version of the Standardized Information Gathering (SIG) questionnaire, the most widely used third-party risk assessment instrument in the industry. It condenses the full SIG question set into a short, high-level assessment of a vendor’s information security, privacy, and resilience controls. It is a self-assessment, not an audit: the vendor answers, the assessor evaluates, and the completed questionnaire becomes evidence of due diligence in a third-party risk management (TPRM) program. Purpose of the SIG Lite Questionnaire The purpose is speed with consistency. SIG Lite gives an outsourcing organization a broad understanding of a third party’s internal control environment using a standardized question set, so answers are comparable across an entire vendor portfolio. It works either as a complete assessment for low-risk vendors or as a preliminary screen that decides whether a deeper review is warranted. Because every vendor answers the same questions, risk teams can rank, tier, and triage instead of interpreting fifty differently formatted responses. Who Created and Maintains SIG Lite? SIG Lite is owned and maintained by Shared Assessments, a member-driven standards organization formed in 2005 when the Big Four accounting firms and six global banks set out to fix the inefficiency of every company writing its own vendor questionnaire. The SIG is developed through a formal governance process that draws on practitioner feedback and tracks evolving regulations and standards, which is a large part of why it has held its position as the de facto industry template. SOC 2, ISO 27001 and HIPAA done for you. Fixed fee, 100% audit pass rate. Audit-ready in 6 weeks. Not 6 months. Schedule Free Assessment What’s Included in the SIG Lite Questionnaire? Number of Questions and Structure The 2025 release of SIG Lite contains 128 questions. The exact count shifts slightly with each annual update (recent versions have ranged from roughly 126 to 133), so always confirm the version you are working with. Questions are predominantly yes/no with room for comments and references to supporting evidence, and each question maps back to the SIG content library and to external frameworks. SIG Lite ships as a single-worksheet questionnaire, which keeps completion and review manageable. Risk Domains Covered in SIG Lite SIG Lite draws its questions from the same 21 risk domains that structure the entire SIG, grouped into four control areas: Governance and Risk Management, Information Protection, IT Operations and Business Resilience, and Security Incident and Threat Management. In practice, that means high-level coverage of access control, information security policy, data privacy, cloud security, business continuity, incident response, supply chain risk, human resources security, compliance management, and ESG, among others. The breadth is the same as SIG Core; the depth per domain is what gets trimmed. Format and Delivery (Spreadsheet and Toolkit) Historically, the SIG has been delivered as an Excel workbook generated by the SIG Manager, the macro-driven engine inside the SIG Questionnaire Toolkit that lets assessors scope, generate, store, and compare questionnaires. That is changing. In March 2026, Shared Assessments launched SIG EV (Evolution), a browser-based platform that moves questionnaire creation, distribution, comparison, and grading to the cloud while preserving the same content and methodology. Vendors can still respond in Excel, and assessors can upload completed files, so the transition does not break existing workflows. Worth Knowing: SIG Questions & Permissions SIG questions cannot be edited without written permission from Shared Assessments, but assessors can add up to 100 custom questions to a scoped questionnaire. That is usually enough headroom to cover industry-specific requirements without abandoning the standard. When Should You Use SIG Lite? Ideal Vendor Risk Scenarios SIG Lite fits three situations well. First, vendors with no access to sensitive data or critical systems, where a full assessment would be disproportionate. Second, large vendor portfolios, where sending 600-plus questions to every supplier would stall onboarding across the board. Third, early-stage evaluation, where you need enough signal to decide whether a relationship is worth deeper diligence. Low-Risk vs. High-Risk Vendor Assessments The dividing line is data and criticality. A marketing tool that touches no customer records, a facilities contractor, or a niche SaaS product with read-only access to public data can all be assessed adequately with SIG Lite. A payroll processor, a cloud provider hosting production data, or any vendor storing regulated information under HIPAA, PCI DSS, GDPR, or GLBA should get SIG Core. Using Lite on a high-risk vendor is a documented gap waiting to be found in your next audit. Initial vs. In-Depth Risk Screening Many mature programs use SIG Lite as a gate rather than a destination. The Lite response feeds an initial risk score; vendors that trip defined thresholds (a missing incident response plan, no encryption at rest, no independent certification) graduate to SIG Core or a targeted domain-level assessment. This two-stage pattern keeps effort proportional to risk and gives vendors a lighter first touch. SIG Lite vs. SIG Core: Key Differences Both questionnaires come from the same content library and cover the same 21 risk domains. The differences are scope, depth, and effort. Question Count and Scope SIG Lite’s 128 questions sit at the top of the control hierarchy: does a policy exist, is a program in place, and is there independent validation? SIG Core’s 627 questions descend into how each control actually operates. Beyond both sits the full SIG Detail library of 1,936 questions, which assessors use to build custom scopes by regulation, domain, or control family. Depth of Assessment A SIG Lite answer tells you a vendor has an access control program. A SIG Core response tells you how privileged accounts are reviewed, how quickly access is revoked at termination, and how authentication is enforced across environments. If your obligation is