Notifications
Clear all
SOC 2 and ISO 27001 for Agent Runtimes
1
Posts
1
Users
0
Reactions
2
Views
Topic starter
June 22, 2026 10:13 am
Translate
▼
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Hi everyone! I'm relatively new to agent runtimes and was just reading about SOC 2/ISO 27001 scoping for them. It seems really complex with all the external API calls and autonomous actions.
Could someone share a step-by-step guide on what auditors typically focus on for an agentic system? I'm especially curious about:
- What evidence they need for actions taken by the agents.
- How you handle logging for non-deterministic workflows.
- Common control gaps you've seen in practice.
I work mostly with Python and API integrations, so any examples in that context would be super helpful!
Keep it simple.