Skip to main content
Glama
deenesjakoruzh
CSOAI-ORG

SOC2 Compliance AI MCP

Official
by CSOAI-ORG
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

soc2-compliance-ai-mcp MCP server MCP Registry PyPI

soc2-compliance-ai-mcp MCP server

PyPI Downloads GitHub stars License: MIT

SOC 2 Compliance MCP

Assess AI/ML systems against all 5 Trust Service Criteria with gap analysis, control matrices, and HMAC-signed attestations.

MEOK AI Labs

Install · Tools · Pricing · Attestation API

Why This Exists

SOC 2 Type II reports are the baseline trust signal for any SaaS or AI vendor selling into enterprise. But AI systems introduce control gaps that traditional SOC 2 assessments miss: model provenance, training data governance, drift monitoring, and explainability obligations.

Most compliance teams either bolt AI onto existing SOC 2 control matrices by hand or pay $40K+ for a consultancy engagement. This MCP maps AI/ML-specific risks to the 5 Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), generates control matrices aligned to AICPA 2023 guidance, and crosswalks to ISO 27001 for organisations holding both certifications.

Install

pip install soc2-compliance-ai-mcp

Tools

Tool

TSC Reference

What it does

assess_trust_principles

CC1-CC9, A1, PI1, C1, P1

Full assessment against all 5 Trust Service Criteria

control_gap_analysis

CC6, CC7, CC8

Identify missing or weak controls for AI systems

generate_control_matrix

All TSC

Produce a control matrix mapping AI risks to SOC 2 criteria

risk_assessment

CC3, CC4

AICPA-aligned risk assessment for AI/ML workloads

crosswalk_to_iso27001

Annex A mapping

Map SOC 2 controls to ISO 27001:2022 Annex A

readiness_checklist

Type I / Type II

Pre-audit readiness checklist with remediation priorities

Example

Prompt: "Assess our customer-facing LLM chatbot against SOC 2 Trust Service
Criteria. It processes financial data, stores conversation logs for 90 days,
and uses a third-party model API."

Result: Assessment across all 5 TSC with findings on third-party model API
vendor risk, missing drift monitoring, undocumented retention policy.
Each finding includes remediation steps and control references.

Pricing

Tier

Price

What you get

Free

£0

10 calls/day — trust principles assessment + gap analysis

Pro

£199/mo

Unlimited + HMAC-signed attestations + verify URLs

Enterprise

£1,499/mo

Multi-tenant + co-branded reports + webhooks

Subscribe to Pro · Enterprise

Attestation API

Every Pro/Enterprise audit produces a cryptographically signed certificate:

POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}

Zero-dep verifier: pip install meok-attestation-verify

Links

License

MIT

This server cannot be installed

A
license - permissive license
-
quality - not tested
B
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)

Resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CSOAI-ORG/soc2-compliance-ai-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server