    SOC 2 Type II Readiness for AI Systems on AWS

    Sold by: Kriv AI 
    3-week virtual readiness engagement preparing SaaS and mid-market companies for SOC 2 Type II attestation of AI systems. Maps the AICPA 2017 Trust Services Criteria plus 2024 AI-specific guidance to your controls (LLM access, model audit trail, prompt injection defenses, AI service inventory, third-party AI vendor risk, training data governance). Three fixed-fee tiers (Security only / Security + Confidentiality / All five TSC) with optional CPA Firm Liaison add-on. Delivered by Kriv AI — AWS Select Tier Services Partner, Databricks Partner, and Anthropic Claude Partner Network member (approved April 9, 2026). Kriv prepares your evidence; the SOC 2 Type II report is issued by an independent CPA firm of your choice following the observation period defined with that firm.

    Overview

    SOC 2 Type II is the control attestation most procurement teams now require before signing mid-market and enterprise SaaS deals. For companies operating AI, ML, or agentic systems, the bar is higher: the AICPA's 2024 guidance clarifies how Trust Services Criteria apply to model training data, inference pipelines, prompt handling, and human-in-the-loop workflows. Most teams discover these gaps mid-audit, which pushes timelines and fees up.

    Kriv AI's SOC 2 Type II Readiness engagement is a fixed-scope, three-week virtual program designed to surface those gaps before your CPA firm begins fieldwork. We run a controls walkthrough, evidence inventory, and gap analysis against the AICPA 2017 Trust Services Criteria Common Criteria (CC1–CC9), layered with the 2024 AI-specific considerations covering model governance, data lineage, third-party model risk, and prompt/output monitoring.

    3-week structure:

    Week 1 — Scoping + current-state mapping. AI service and system inventory (models, endpoints, data flows); TSC scoping (Security required; Availability / Confidentiality / Processing Integrity / Privacy optional); AI-specific control additions (LLM access control, model audit trail, prompt injection mitigation, AI incident response); system description draft.

    Week 2 — Evidence review + gap analysis. Gap analysis vs AICPA TSC 2017 Common Criteria (CC1–CC9) + 2024 AI Trust Services guidance; evidence inventory mapped to AWS audit services (CloudTrail, Config, Security Hub, GuardDuty); control narrative drafting; remediation roadmap prioritized by audit risk.

    Week 3 — Readiness report + CPA firm handoff. 25-page readiness report, control owner assignments, and handoff package for your chosen CPA firm (Insight Assurance, Scytale auditors, BD Emerson, Accorian, and others).

    AI-specific controls added to standard SOC 2:

    • LLM access controls (API keys, IAM role-based model access)
    • Model audit trail (Bedrock invocation logs via CloudTrail)
    • Prompt injection defenses + incident response
    • AI service inventory + change management
    • Third-party AI vendor risk (Bedrock, OpenAI direct, Anthropic direct)
    • AI training data governance

    Three tiers. Security-only ($15K) is the common starting point. Adding Confidentiality ($20K) is standard for customer-data / model-output-under-NDA use cases. Full five-criteria ($25K) is appropriate for regulated or multi-tenant AI platforms.

    Deliverables: 25-page readiness report · control matrix (CC1–CC9 + AI overlay) · evidence inventory linked to AWS services · system description draft for Type II observation period · remediation roadmap · CPA firm referral list.

    Important disclaimers. Kriv AI prepares organizations for SOC 2 Type II attestation. Kriv AI is not a licensed CPA firm and does not issue SOC 2 reports. AWS infrastructure costs (CloudTrail, Config, Security Hub, GuardDuty) are billed directly by AWS. Anthropic CPN membership (April 9, 2026) does not constitute an endorsement by Anthropic.

    Get started. info@kriv.ai · +1-732-433-5564. Most engagements kick off within 2–3 weeks of SOW.

    Highlights

    • 3-week virtual readiness for SOC 2 Type II — AICPA 2017 Trust Services Criteria plus 2024 AI-specific guidance. Common Criteria CC1–CC9 walkthrough with AI overlay covering LLM access controls, model audit trail (Bedrock invocations via CloudTrail), prompt injection defenses, AI incident response, AI service inventory and change management, third-party AI vendor risk, and training data governance — surfacing the gaps that derail most first-time SOC 2 + AI audits.
    • Audit-ready deliverables on fixed-fee terms. 25-page readiness report, control matrix (CC1–CC9 + AI overlay), evidence inventory linked to AWS services, system description draft sized for the Type II observation period, prioritized remediation roadmap, and a CPA firm referral list (Insight Assurance, Scytale auditors, BD Emerson, Accorian, others). Optional CPA Firm Liaison add-on coordinates with your auditor through fieldwork without performing attestation work.
    • Three tiers $15K–$25K + $5K liaison — built for AI-native SaaS, not generic SOC 2. Security-only entry tier; Security + Confidentiality for customer-data and model-output-under-NDA use cases; full five-TSC tier for regulated or multi-tenant AI platforms. Delivered by AWS Select Tier Services Partner + Databricks Partner + Anthropic Claude Partner Network member (April 2026, no endorsement implied). Kriv prepares evidence — your independent CPA firm issues the SOC 2 Type II report.

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    Primary support contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support

    Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, excluding US federal holidays). For active engagements, named Engagement Lead responds within 4 business hours during weekdays.

    Engagement onboarding SLA. First customer contact within 2 US business days of (a) buyer inquiry via Marketplace and (b) private offer acceptance. Kickoff scheduled within 2 weeks of countersigned SOW.

    Escalation path.

    • Engagement Lead (named in SOW)
    • Practice Director (info@kriv.ai)
    • CEO Abhinav Dangri (info@kriv.ai)

    Communication. Dedicated Microsoft Teams channel, weekly 60-minute video checkpoint, written status note every Friday. Customer SMEs requested 4–6 hours/week during 3-week window (CISO/Security, GRC, Engineering, DevOps, Data Science).

    Documentation handoff. Deliverables provided as editable Word/Excel + PDF in your secure file share. Control matrix delivered as Excel mapped to CC1–CC9 + AI overlay; evidence inventory cross-references AWS services and ticket sources.

    What support does NOT cover. Kriv is not a licensed CPA firm. We do not issue SOC 2 reports, perform attestation procedures, or sign Type II opinions. The CPA firm you select issues the Type II report after the observation period.

    AWS-side billing. AWS infrastructure costs (CloudTrail, Config, Security Hub, GuardDuty, KMS) are billed directly by AWS and not included in Kriv AI fees.

    Holiday coverage. Closed on US federal holidays. Engagement schedule adjusted at SOW execution if holidays fall in the 3-week window.