WisdomPrompt checklist

SOC 2 AI Prompt Traceability Checklist

Use this checklist when AI-assisted workflows touch customer commitments, security operations, internal controls, regulated content, or systems that matter to SOC 2 evidence.

Workflow scope

  • AI workflow owner and business purpose
  • Prompt, instruction, or agent policy under review
  • Model, provider, tool, and data-access context
  • Trust-services criteria or control family affected

Change and approval evidence

  • Prompt or instruction version history
  • Named approver and review date
  • Approval criteria and exception rationale
  • Rollback or disable path for unsafe changes

Access and logging

  • Read/write permissions for tools and connected systems
  • Logs for tool calls, approvals, blocked actions, and failures
  • Retention period for review evidence
  • Owner review of unusual or high-risk output

Audit package

  • Control-to-evidence mapping
  • Open gaps and remediation owners
  • Accepted-risk decisions
  • Exportable traceability view for auditors or customers

WisdomPrompt connects prompt governance, AI workflow approvals, access records, and SOC 2 evidence in one reviewable workspace.