WisdomPrompt checklist
SOC 2 AI Prompt Traceability Checklist
Use this checklist when AI-assisted workflows touch customer commitments, security operations, internal controls, regulated content, or systems that matter to SOC 2 evidence.
Workflow scope
- AI workflow owner and business purpose
- Prompt, instruction, or agent policy under review
- Model, provider, tool, and data-access context
- Trust-services criteria or control family affected
Change and approval evidence
- Prompt or instruction version history
- Named approver and review date
- Approval criteria and exception rationale
- Rollback or disable path for unsafe changes
Access and logging
- Read/write permissions for tools and connected systems
- Logs for tool calls, approvals, blocked actions, and failures
- Retention period for review evidence
- Owner review of unusual or high-risk output
Audit package
- Control-to-evidence mapping
- Open gaps and remediation owners
- Accepted-risk decisions
- Exportable traceability view for auditors or customers
WisdomPrompt connects prompt governance, AI workflow approvals, access records, and SOC 2 evidence in one reviewable workspace.