AI Vendor Evidence Gap Notes #3

SOC 2 is useful evidence.

It is not automatically evidence that the AI data path is covered.

A SOC 2 report may support baseline control posture.

It may still not prove whether the specific AI product, feature, model path, support workflow, retention path, region, and contract boundary match the buyer’s use case.

That is the gap.

The question is not only:

“Does the vendor have SOC 2?”

The better question is:

“What does the SOC 2 report actually prove for this AI workflow, and what still needs to be mapped before real data use?”

Claim

The vendor says:

“We have a SOC 2 Type II report.”

Or:

“Our platform is SOC 2 compliant.”

Or:

“Our security controls are independently audited.”

That statement may be useful.

It is not the same as proving that the buyer’s actual AI data path is covered.

Why it sounds sufficient

SOC 2 sounds formal.

It usually involves an independent auditor, a reporting period, a defined system scope, and tested controls.

For a standard SaaS review, that may answer many baseline security questions.

It can help a buyer understand whether the vendor has controls for access management, change management, incident response, monitoring, vendor management, and security operations.

That matters.

But AI vendor review usually asks a narrower question.

The buyer is not only buying “the platform.”

The buyer may be sending prompts, files, meeting audio, transcripts, summaries, source code, customer records, metadata, logs, embeddings, support tickets, or evaluation data into a specific AI workflow.

A SOC 2 report may cover some of that.

It may cover none of it.

The buyer cannot know unless the report scope is mapped to the actual use case.

What it actually proves

A SOC 2 report may prove that the vendor had a tested control environment for the scoped system during the covered period.

It may support claims such as:

The vendor has access control procedures.

The vendor reviews privileged access.

The vendor manages changes through a controlled process.

The vendor monitors relevant systems.

The vendor has incident response procedures.

The vendor tracks certain third-party service providers.

The vendor has documented security policies.

Those are useful evidence points.

But they are not automatically evidence for the specific AI product, AI feature, model provider route, retrieval layer, data retention path, support access path, or customer use case.

SOC 2 can support the review.

It does not replace the review.

What it does not prove

A SOC 2 report does not automatically prove that the specific AI product is in scope.

It does not automatically prove that the buyer’s product plan or tier is covered.

It does not automatically prove which model provider processes the data.

It does not automatically prove whether prompts, outputs, files, transcripts, summaries, embeddings, logs, or metadata are retained differently.

It does not automatically prove whether customer content enters support queues, abuse review, safety review, model evaluation, analytics, or troubleshooting workflows.

It does not automatically prove whether the subprocessor list maps to the actual AI workflow.

It does not automatically prove whether a “no training” claim applies to all operational data, or only to model training.

It does not automatically prove regional routing.

It does not automatically prove deletion across active storage, logs, caches, backups, support copies, or derived data.

It does not automatically prove the contract boundary.

This is where many review files become weak.

The file contains SOC 2.

But the file does not show how SOC 2 maps to the actual AI data path.

Weak-answer pattern

This is a certification scope blur.

The buyer asks:

“Can we use this AI vendor for this workflow?”

The vendor answers:

“We have SOC 2.”

That is not a bad answer.

It is an incomplete review record.

The missing question is:

“Which part of the AI workflow does this report cover?”

For example:

Does the report cover the AI feature itself?

Does it cover transcription?

Does it cover summarization?

Does it cover retrieval or embedding?

Does it cover the model provider route?

Does it cover support access to customer content?

Does it cover regional processing?

Does it cover the buyer’s plan?

Does it cover the current review date?

If those questions are not answered, SOC 2 remains source material.

It is not yet evidence-complete for the use case.

Evidence request

Do not ask only:

“Can you provide your SOC 2?”

Ask for scope mapping.

A better request is:

“Please confirm whether the SOC 2 report scope covers the specific AI product, plan, and features used in this workflow, including processing of prompts, outputs, files, transcripts, summaries, metadata, logs, embeddings, support artifacts, model provider routes, and subprocessors.”

Then ask:

Which product and plan are covered?

Which AI features are in scope?

Are model providers, transcription services, embedding systems, retrieval systems, or external processors included?

Does the report period cover the current review date?

Are support workflows, troubleshooting access, abuse monitoring, or safety review included?

Are logs and metadata treated as customer data, operational data, security data, or something else?

Which controls apply to retention, deletion, access, and routing?

Which contractual terms confirm the operational boundary?

That is how SOC 2 becomes reviewable.

Review note

A weak review note says:

“SOC 2 received. Risk resolved.”

A stronger review note says:

“The SOC 2 report supports the existence of a tested control environment for the vendor’s stated scope and reporting period. It does not by itself establish whether the specific AI product, feature, model path, data type, region, support workflow, retention layer, or customer use case is covered. Additional product-specific scope mapping is required before relying on the report for this AI workflow.”

That note does not reject the vendor.

It draws the evidence boundary.

It tells the buyer what the report supports and where the report stops.

Usage boundary

Until the SOC 2 scope is mapped to the actual AI workflow, usage should stay bounded.

A sample usage boundary:

“Use may remain limited to low-sensitivity internal data while SOC 2 scope, AI feature coverage, data flow, model routing, subprocessor handling, support access, retention, deletion, and contract boundaries are clarified. Do not expand to customer confidential data, regulated data, source code, or externally relied-upon outputs until those evidence gaps are resolved.”

That is not approval.

That is review preparation.

The review unit is not the vendor name.

The review unit is:

vendor + product + plan + use case + data type + region + contract terms + evidence date.

SOC 2 can support that review.

It cannot do the whole job by itself.

Boundary

This material is for evidence structuring and review preparation. It does not provide legal, regulatory, audit, procurement, certification, or implementation advice.

The goal is not to approve or reject a vendor.

The goal is to make the evidence gap visible before real data use.

I now have a sanitized sample evidence gap memo showing how this looks in a review file.

Reply if you want the sample.