SOC 2 Access Controls
Enforce SOC 2 Type II access control and credential management requirements.
About This Policy Template
A SOC 2 compliance policy that enforces access control requirements across the Trust Services Criteria. It monitors for credential sharing, unauthorized access patterns, exposed API keys, default credentials, and permission escalation indicators. It is essential for B2B SaaS companies demonstrating security controls to enterprise customers.
Policy Rules (3)
High Severity (3)
API Key Exposure
Detect exposed API keys and tokens
Credential Sharing Detection
Detect potential credential sharing in communications
Default Credentials Detection
Detect default or common credentials that should be changed
Enforcement by Integration
What happens when a violation is detected, based on the enforcement mode and integration type.
| Integration | Block | Approval | Warn | Monitor |
|---|---|---|---|---|
| Version Control (GitHub, GitLab, Bitbucket) | Fail check run / merge request status | Pending check run — held for review | Neutral check run / comment on PR | Pass check run (silent) |
| Email — Gmail | Quarantine label; + violation label (outbound) | Quarantine label — held for review | Add warning label | Log only |
| Email — Outlook | Move to quarantine folder; + flag (outbound) | Move to quarantine — held for review | Flag + categorize | Log only |
| Messaging (Slack, Teams) | Post violation warning in channel | Post 'held for review' warning | Post warning in channel | Log only |
| Storage (Google Drive, Dropbox, OneDrive) | Move file to quarantine folder | Quarantine file — held for review | Log only | Log only |
| AI Proxy (OpenAI, Anthropic, Gemini, MCP, Agent) | Block request (return 403) | Hold request — return review ID | Allow request + audit trail | Log only |
| API (REST API) | Return BLOCK outcome (client decides) | Return APPROVAL_REQUIRED + poll URL | Return WARN outcome | Log only |
Version History
1 version published
Initial release