Back to Compliance

SOC 2 Trust Services Criteria Mapping

This mapping demonstrates how Aurelis Technology's TISAX-certified controls address each SOC 2 Trust Services Criterion. TISAX (based on VDA ISA / ISO 27001) covers equivalent control domains.

Security (CC)

Protection of information and systems against unauthorized access

TISAX / VDA ISA Controls

  • Information security policy and organization (VDA ISA 1.x)
  • Access control and identity management (VDA ISA 4.x)
  • Network security and segmentation (VDA ISA 5.x)
  • Security monitoring and incident management (VDA ISA 6.x)
View controls

Availability (A)

Systems are available for operation and use as agreed

TISAX / VDA ISA Controls

  • Business continuity management (VDA ISA 3.x)
  • Multi-AZ infrastructure deployment
  • Disaster recovery capabilities and tested failover procedures
  • Service level monitoring and alerting
View controls

Confidentiality (C)

Information designated as confidential is protected as committed

TISAX / VDA ISA Controls

  • Data classification and handling (VDA ISA 2.x)
  • Encryption at rest and in transit (AES-256, TLS 1.2+)
  • Access restrictions and role-based access control
  • Client data isolation via AWS account separation
View controls

Processing Integrity (PI)

System processing is complete, valid, accurate, and authorized

TISAX / VDA ISA Controls

  • Data processing accuracy controls (VDA ISA 2.x)
  • Input validation and data integrity checks
  • Audit logging via AWS CloudTrail
  • Continuous monitoring with CloudWatch metrics and alerting
View controls

Privacy

Personal information is collected, used, retained, and disclosed in conformity with commitments

TISAX / VDA ISA Controls

  • Not applicable — the Aurelis Pricing Suite does not process personal identifiable information (PII) beyond basic user account data (email, first name, last name)
  • Basic user account data is handled in accordance with GDPR requirements
View controls

Note: Aurelis Technology is planning to pursue SOC 2 Type II certification. This mapping demonstrates how our existing TISAX-certified controls address the SOC 2 Trust Services Criteria.