soc2-compliance-mcp
v0.1.0
MCP server for SOC 2 compliance — browse Trust Service Criteria, assess audit readiness, generate control narratives, evidence templates, and gap analysis for Type I and Type II audits
Tools
| Tool | Description |
|------|-------------|
| browse_controls | Browse all SOC 2 Trust Service Criteria controls by category, subcategory, or priority |
| assess_readiness | Score your audit readiness based on implemented controls |
| generate_control_narrative | Generate auditor-ready control narratives with customizable templates |
| gap_analysis | Identify missing controls with prioritized remediation roadmap and effort estimates |
| evidence_template | Generate evidence collection templates (checklist, detailed, or auditor-request format) |
| audit_prep_checklist | Comprehensive audit preparation timeline organized by phase |
Coverage
- Security (Common Criteria): CC1.1–CC9.2 — Control Environment, Risk Assessment, Monitoring, Logical Access, System Operations, Change Management
- Availability: A1.1–A1.3 — Capacity, Resilience, Recovery Testing
- Confidentiality: C1.1–C1.2 — Data Classification, Disposal
- Processing Integrity: PI1.1–PI1.3 — Accuracy, Inputs, Outputs
- Privacy: P1.1–P5.1 — Notice, Consent, Collection, Use/Retention, Data Subject Rights
Installation
```bash
npx soc2-compliance-mcp
```
Usage with Claude Desktop
Add to your claude_desktop_config.json:
```json
{
  "mcpServers": {
    "soc2-compliance": {
      "command": "npx",
      "args": ["-y", "soc2-compliance-mcp"]
    }
  }
}
```
Usage with VS Code
Add to your .vscode/mcp.json:
```json
{
  "servers": {
    "soc2-compliance": {
      "command": "npx",
      "args": ["-y", "soc2-compliance-mcp"]
    }
  }
}
```
Examples
Browse critical controls
```
Use browse_controls with priority: "critical"
```
Assess readiness
```
Use assess_readiness with implementedControls: ["CC1.1", "CC3.1", "CC6.1", "CC7.1", "CC7.3", "CC8.1", "CC9.1"]
```
Generate a control narrative
```
Use generate_control_narrative with controlId: "CC6.1", companyName: "Acme Corp"
```
Gap analysis with timeline
```
Use gap_analysis with implementedControls: ["CC1.1", "CC6.1"], targetDate: "2026-09-01", teamSize: "small"
```
Evidence template for auditor
```
Use evidence_template with controlId: "CC7.3", format: "auditor_request"
```
License
MIT
Links
- Full SOC 2 compliance platform: ComplianceIQ
- npm: soc2-compliance-mcp
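Both client configurations above launch the server with `npx -y` and an unversioned package name, so every start runs whatever release npm currently serves. As an added example (not part of this project's README or code), the Node.js check below flags such entries in either config layout; the function names and sample configs are constructed for illustration, and it assumes the simple `npx [flags] <package>` argument form.

```javascript
// Added example, not from the soc2-compliance-mcp project.
// Assumes the simple launch form `npx [flags] <package>` used on this page.

// True when an npm package spec ends in an exact x.y.z version.
function isPinned(spec) {
  // Start at index 1 so the leading "@" of a scoped name is not taken as the separator.
  const at = spec.indexOf("@", 1);
  if (at === -1) return false;
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec.slice(at + 1));
}

// Handles both layouts: "mcpServers" (Claude Desktop) and "servers" (VS Code).
function findUnpinnedNpx(configText) {
  const config = JSON.parse(configText);
  const servers = { ...(config.mcpServers || {}), ...(config.servers || {}) };
  const findings = [];
  for (const [name, entry] of Object.entries(servers)) {
    if (entry.command !== "npx") continue;
    // The first non-flag argument is the package npx downloads and executes.
    const spec = (entry.args || []).find((arg) => !arg.startsWith("-"));
    if (spec && !isPinned(spec)) findings.push({ server: name, package: spec });
  }
  return findings;
}

// Constructed sample: the Claude Desktop config exactly as shown on this page.
const unpinnedConfig = JSON.stringify({
  mcpServers: {
    "soc2-compliance": { command: "npx", args: ["-y", "soc2-compliance-mcp"] },
  },
});

// Constructed sample: VS Code layout pinned to v0.1.0, the version this page lists.
const pinnedConfig = JSON.stringify({
  servers: {
    "soc2-compliance": { command: "npx", args: ["-y", "soc2-compliance-mcp@0.1.0"] },
  },
});

console.log(findUnpinnedNpx(unpinnedConfig));
console.log(findUnpinnedNpx(pinnedConfig));
```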
