trust-services-criteria
Safeguard articles tagged "trust-services-criteria" — guides, analysis, and best practices for software supply chain and application security.
5 articles
SOC 2 and software supply chain security: mapping the Trust Services Criteria
SOC 2 never says the words 'software bill of materials,' but auditors increasingly expect supply-chain evidence. Here's how the Trust Services Criteria map to your dependencies.
SOC 2 Compliance FAQ: Trust Services Criteria, Type II, and Evidence
A precise FAQ on SOC 2 in 2026 — what it is, Type I vs Type II, the five Trust Services Criteria, observation periods, who performs the audit, and the evidence auditors actually test.
SOC 2 Trust Services Criteria explained (security, availa...
A breakdown of the five SOC 2 Trust Services Criteria, when each applies, and where Secureframe-style control mapping stops short of software supply chain evidence.
SOC 2 Type II
What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.
SOC 2 Type II for SaaS Startups in 2026
What a SOC 2 Type II audit actually requires in 2026, where supply chain controls now sit in the Trust Services Criteria, and how to scope a defensible first report.