Back to ComplianceView controlsView controlsView controlsView controlsView controls
SOC 2 Trust Services Criteria Mapping
This mapping demonstrates how Aurelis Technology's TISAX-certified controls address each SOC 2 Trust Services Criterion. TISAX (based on VDA ISA / ISO 27001) covers equivalent control domains.
Security (CC)
Protection of information and systems against unauthorized access
TISAX / VDA ISA Controls
- •Information security policy and organization (VDA ISA 1.x)
- •Access control and identity management (VDA ISA 4.x)
- •Network security and segmentation (VDA ISA 5.x)
- •Security monitoring and incident management (VDA ISA 6.x)
Availability (A)
Systems are available for operation and use as agreed
TISAX / VDA ISA Controls
- •Business continuity management (VDA ISA 3.x)
- •Multi-AZ infrastructure deployment
- •Disaster recovery capabilities and tested failover procedures
- •Service level monitoring and alerting
Confidentiality (C)
Information designated as confidential is protected as committed
TISAX / VDA ISA Controls
- •Data classification and handling (VDA ISA 2.x)
- •Encryption at rest and in transit (AES-256, TLS 1.2+)
- •Access restrictions and role-based access control
- •Client data isolation via AWS account separation
Processing Integrity (PI)
System processing is complete, valid, accurate, and authorized
TISAX / VDA ISA Controls
- •Data processing accuracy controls (VDA ISA 2.x)
- •Input validation and data integrity checks
- •Audit logging via AWS CloudTrail
- •Continuous monitoring with CloudWatch metrics and alerting
Privacy
Personal information is collected, used, retained, and disclosed in conformity with commitments
TISAX / VDA ISA Controls
- •Not applicable — the Aurelis Pricing Suite does not process personal identifiable information (PII) beyond basic user account data (email, first name, last name)
- •Basic user account data is handled in accordance with GDPR requirements
Note: Aurelis Technology is planning to pursue SOC 2 Type II certification. This mapping demonstrates how our existing TISAX-certified controls address the SOC 2 Trust Services Criteria.