Framework: SOC 2 Type II
Okta backup and disaster recovery for SOC 2
SOC 2 expects the identity layer that gates access to in-scope systems to be both reliable and demonstrably restorable. Auditors increasingly want point-in-time evidence — not just that backups exist, but that a restore would actually work.
Scope
In-scope control families
- CC6 — Logical and Physical Access
- CC7 — System Operations
- CC9 — Risk Mitigation
Coverage mapping
How Butterfly maps to SOC 2 Type II
CC6.1 — access control commensurate with risk
Restore preview shows which access-control entities would change before any restore is committed.
CC6.6 — boundary protection of identity systems
Audit Pack PDF surfaces tenant configuration history with SHA-256 manifest for tamper-evident handling.
CC7.5 — recovery from identified events
Restore Readiness Score is a continuous 0-to-100 number per connection; readiness is provable before the incident.
FAQ
Does the Audit Pack satisfy SOC 2 evidence requests directly?
It is built to be handed to your auditor with no translation step. The framework filter surfaces the SOC 2-mapped sections only.
Does Butterfly help with backup-restore testing evidence?
Restore preview is documented as a non-mutating operation and the operation is audit-logged. The log is part of the Audit Pack PDF.
Is Butterfly itself SOC 2 Type II certified?
SOC 2 work is in progress. The Trust Center tracks the current state and the projected report timeline honestly.
Other frameworks