Compliance / SOC 2 (TSC)
SOC 2 lives or dies on evidence quality. SecHive produces the technical artifacts your service auditor needs for CC4 (control evaluation), CC7 (monitoring) and CC8 (change management) — without the post-test reconstruction.
The mapping is intentionally narrow. We list only the articles where SecHive produces a directly defensible artifact, and we name the artifact.
| Article / control | What it requires | SecHive artifact |
|---|---|---|
| CC4.1 | Evaluate the design and operating effectiveness of controls. | Per-finding evidence chain with reviewer disposition and retest. |
| CC7.1 | Use of detection and monitoring procedures to identify changes. | Reproducible exploit chains feed detection engineering and tabletop input. |
| CC7.2 | Monitor system components and the operation of those components for anomalies. | Negative evidence and refutation log support anomaly-vs-vulnerability triage. |
| CC7.3 | Evaluate security events to determine response. | Severity, impact, and remediation guidance bound to each promoted finding. |
| CC7.4 | Respond to identified security incidents. | Replay scripts allow IR teams to verify scope of an issue post-fix. |
| CC8.1 | Authorize, design, develop or acquire, configure, document, test, approve, and implement changes. | PR-audit mode produces per-change evidence at integration time. |
What you can put in front of an auditor or a security review.
replay.sh per finding.SecHive renders an evidence matrix per engagement. Below is one row, redacted.
# evidence-row.yaml — redacted control: CC7.1 # effectiveness testing finding_id: VTX-RPL-0042 mode: black-box target: redacted target_ref: image@sha256:9c4e… # pinned artifact: path: artifacts/replay.sh sha256: 7c3a… signed: cosign:sechive-key disposition: reviewer: redacted-operator state: confirmed retest: status: fixed @ 2026-04-18 evidence: artifacts/retest-receipt.json
Bring the scope and the auditor's evidence list. We will produce the technical artifacts.