SOC 2 Type II and ISO 27001 certification evidence — AutoPIL audit chain and access controls are direct evidence artifacts for auditor review, not supporting documentation.
SOC 2 is an auditing framework developed by the AICPA based on Trust Services Criteria. The Security category (Common Criteria) is the only required category for SOC 2 certification; Availability, Confidentiality, Processing Integrity, and Privacy are optional additions. Type II certification covers a defined period — typically 6 to 12 months — and requires demonstrating that controls were operating effectively throughout, not just at a point in time.
AI agents represent a growing gap in Type II evidence packages. Auditors increasingly ask how organisations govern non-human identities accessing production systems, and most enterprise security controls — MFA, PAM vaults, SSO — were designed for human users. An AI agent that queries a customer database, a financial ledger, or a healthcare record is accessing production data without passing through any of those controls. AutoPIL closes this gap by placing a policy enforcement and audit logging layer in front of every AI agent data access, producing evidence that directly addresses auditor questions about non-human access governance.
CC6.1: The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events. Requirements include unique identification and authentication before access is granted, restriction based on need-to-know, and prevention of unauthorised changes to system configurations.
For AI agents, CC6.1 requires that each agent be uniquely identified and that its data access be restricted to what it actually needs — not what the service account connecting it happens to have access to. AutoPIL's agent registry assigns a unique agent_id to each registered agent and the policy engine enforces source-level access restrictions at retrieval time. An agent authorised to access aggregated transaction summaries cannot retrieve individual transaction records, even from the same database. Every decision is logged, producing the CC6.1 evidence trail auditors require.
CC6.2: Before issuing system credentials and granting access, the entity registers and authorises new internal and external users whose access is administered by the entity. There must be a documented approval workflow, and access must be tied to a verifiable identity.
The gap for AI agents is that most organisations do not have a formal registration and authorisation workflow for agents — they are deployed as part of an application release without a distinct access governance step. AutoPIL requires every agent to be registered in the registry with role assignment and policy binding before any data access is permitted. The registration record — including who created it, when, and under which policy — serves as the CC6.2 approval documentation for auditors.
CC6.3: The entity authorises, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design. Least privilege and segregation of duties must be considered.
AI agents often inherit overly broad roles because they are deployed under service accounts that existed before agent-specific access governance was in place. A fraud detection agent and a customer service agent may share the same service identity despite having fundamentally different data access needs. AutoPIL enforces role-level access at the policy layer — a fraud_investigator role has access to transaction signals and watchlist data; a customer_service role is restricted to account summaries and contact information. These restrictions apply at every runtime call, not just at provisioning time, and the audit chain records the role used in each decision.
CC6.6: The entity implements logical access security measures to protect against threats from sources outside its system boundaries. This applies to any external communication path: APIs, webhooks, and integration endpoints.
AI agents increasingly operate across external boundaries — calling third-party LLMs, retrieving data from partner APIs, or using MCP-style tool servers. Each of these connections is an external communication channel within CC6.6 scope. AutoPIL authenticates every agent call via API key or mTLS certificate before the governance decision is made, and logs every cross-boundary access event. For integration scenarios — such as a webhook from a security platform triggering an AI governance check — all access to AutoPIL's endpoints is authenticated and auditable.
ISO 27001 is a certifiable information security management system standard. The 2022 revision reorganised controls into four themes: Organisational, People, Physical, and Technological. For AI agent governance, the relevant Annex A controls are A.5.15 (Access Control), A.5.16 (Identity Management), A.8.2 (Privileged Access Rights), and A.8.5 (Secure Authentication).
ISO 27001 requires that access controls be implemented, monitored, and reviewed — it is not a point-in-time certification. AutoPIL's policy versioning and audit chain provide the ongoing monitoring and review evidence ISO 27001 requires. When a policy changes, the change is versioned and all subsequent audit events reference the new version, providing a continuous evidence record rather than a snapshot.
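The sketch below is an added illustration, not AutoPIL's code or API: it shows how the registration, role-scoped decision, and policy-versioned audit record described above could fit together. It assumes the audit chain is a SHA-256 hash chain; the source names, agent IDs, and function names are hypothetical, and only the two role names come from the text.

```python
import hashlib, json

# Hypothetical policy: role -> data sources it may read (role names from the text).
POLICY = {"version": "v1", "roles": {
    "fraud_investigator": {"transaction_signals", "watchlist"},
    "customer_service": {"account_summaries", "contact_info"}}}
REGISTRY = {}  # agent_id -> registration record (approval evidence)
AUDIT = []     # append-only decision log, each entry chained to the previous

def register(agent_id, role, approver):
    """Registration step: unique ID, known role, named approver."""
    if agent_id in REGISTRY:
        raise ValueError("agent_id must be unique")
    if role not in POLICY["roles"]:
        raise ValueError("unknown role")
    REGISTRY[agent_id] = {"role": role, "approved_by": approver,
                          "policy_version": POLICY["version"]}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def decide(agent_id, source, ts):
    """Evaluate one access at call time and log it, allow or deny."""
    rec = REGISTRY.get(agent_id)
    role = rec["role"] if rec else None  # unregistered agents are denied
    allowed = bool(rec) and source in POLICY["roles"][role]
    entry = {"ts": ts, "agent_id": agent_id, "role": role, "source": source,
             "decision": "allow" if allowed else "deny",
             "policy_version": POLICY["version"],
             "prev": AUDIT[-1]["hash"] if AUDIT else "0" * 64}
    entry["hash"] = _digest(entry)  # hash covers every field plus prev link
    AUDIT.append(entry)
    return allowed

def verify_chain(log):
    """Return the index of the first altered entry, or None if intact."""
    prev = "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return i
        prev = e["hash"]
    return None

if __name__ == "__main__":
    register("agent-cs-01", "customer_service", "approver@example.test")
    print(decide("agent-cs-01", "transaction_signals", 1))  # constructed input
    print(verify_chain(AUDIT))
```

An unkeyed hash chain only detects edits if the latest hash is also stored somewhere the log writer cannot rewrite, so an evidence package would pair it with an externally anchored or signed head.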
This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.
AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.