InsiderShieldInsiderShield
Public

SOC 2 Coverage

SOC 2 CC1–CC9 coverage for Google Workspace and GitHub.

SOC 2 Coverage (Google Workspace + GitHub)

This document describes the SOC 2 CC1�CC9 coverage in InsiderShield for the supported integrations.

Automated Coverage

Google Workspace

  • CC6.1: MFA enabled, 2SV enforcement, super admin limits
  • CC6.2: Dormant/suspended accounts
  • CC6.3: Account inventory (user enumeration)
  • CC6.6: Third-party OAuth app access review
  • CC6.8: Password policy (manual evidence if API not available)
  • CC6.9: Mobile device inventory

GitHub (GitHub App)

  • CC6.1: Org-wide 2FA requirement
  • CC6.2: Default repo permission (least privilege)
  • CC7.2: Branch protection + code scanning coverage
  • CC7.3: Required status checks
  • CC7.5: Dependabot alerts
  • CC8.1: Required PR reviews
  • CC6.6: Secret scanning

Manual Evidence / Attestation

Controls without a reliable API source require evidence uploads or attestations. Evidence lives in the Controls view.

Coming Soon

AWS, Slack, Azure, Okta integrations are shown as Coming Soon until scanners are implemented.