What SOC 2 controls cover LLM SQL access?
SOC 2 (AICPA TSC 2017, with 2022 points-of-focus updates) doesn't name LLMs, but several Common Criteria map directly to AI-driven database access:
- CC6.1 Logical access controls. Auditors will ask: how is the LLM agent's DB access scoped? Show per-agent DB roles + AST policy file under version control.
- CC6.2 New user/system provisioning. Treat each new LLM agent as a "system user" — onboarding ticket, role grant rationale, owner.
- CC6.6 External boundary protection. Where does prompt data flow? Is the LLM third-party (OpenAI, Anthropic)? Show data-flow diagram + DPA.
- CC7.2 System monitoring. Tamper-evident query logs with rule-level decision data; ship to SIEM with alerts on `decision=reject` spikes.
- CC7.3 Incident response. How would you reconstruct what an agent did during an incident? Show the evidence log replay capability.
- CC8.1 Change management. Policy files under PR review; deploy via CI; rollback procedure documented.
Tier-2 audit-ready posture: AST validator + policy DSL + hash-chained evidence log shipped to a SIEM with alerting on reject-rate anomalies, retained per the trust services category retention policy (typically 1 year). QueryShield provides the technical controls; the organizational policies (ownership, change management) are still on you.
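
A minimal sketch of the hash-chained evidence log and reject-rate signal referred to under CC7.2 and CC7.3, added here as an illustration. It is not QueryShield's code or log format: the record fields (`seq`, `agent`, `query`, `decision`, `rule`, `prev`), the all-zero genesis value and the sample queries are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record's "prev" field

def digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append(log: list, agent: str, query: str, decision: str, rule: str) -> dict:
    """Append a decision record that commits to the previous record's hash."""
    body = {
        "seq": len(log),
        "agent": agent,
        "query": query,
        "decision": decision,  # "allow" or "reject"
        "rule": rule,          # which policy rule produced the decision
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    record = dict(body, hash=digest(body))
    log.append(record)
    return record

def verify(log: list):
    """Return the index of the first record that breaks the chain, or None."""
    prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["seq"] != i or record["prev"] != prev or digest(body) != record["hash"]:
            return i
        prev = record["hash"]
    return None

def reject_rate(log: list, agent: str) -> float:
    """Share of one agent's queries that were rejected (the alerting input)."""
    decisions = [r["decision"] for r in log if r["agent"] == agent]
    return decisions.count("reject") / len(decisions) if decisions else 0.0

def build_sample_log() -> list:
    # Constructed sample records, not real audit data.
    log = []
    append(log, "report-bot", "SELECT id FROM orders", "allow", "select-allowlist")
    append(log, "report-bot", "DROP TABLE orders", "reject", "no-ddl")
    append(log, "report-bot", "SELECT * FROM users", "reject", "no-pii-tables")
    append(log, "support-bot", "SELECT status FROM tickets", "allow", "select-allowlist")
    return log
```

A chain verifies only the records it still contains: removing records from the tail goes unnoticed unless the latest hash is also stored outside the log, which is what shipping it to the SIEM provides.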