BlockForge provides built-in controls that map to SOC 2 Security, Availability, and Processing Integrity criteria. Continuous monitoring, encrypted backups, audit logging, and role-based access — ready for your next audit.
Criteria coverage: ~90%
Security: Strong
Availability: Strong
Integrity: Partial
Confidentiality: Partial
The Security category spans CC1 through CC9 and forms the foundation of every SOC 2 engagement. BlockForge addresses key criteria with built-in monitoring, access control, and incident response capabilities.
CC4.1
Continuous monitoring with exportable audit reports in PDF and CSV. Compliance scoring, vulnerability scanning, and change detection with real-time alerting across all WordPress installations.
CC5.1
Automated security key rotation, malware scanning schedules, and backup verification workflows that enforce operational controls without manual intervention.
CC6.1
Role-based access control with granular permissions plus TOTP-based two-factor authentication with recovery codes, rate limiting, and password-protected disable.
CC6.6
HMAC-SHA256 authenticated API communication between all system components. Every request between BlockForge and your WordPress sites is cryptographically signed and verified.
CC7.2
Complete audit trail of all platform actions, plus external change detection with actor tracking. Every action is logged with timestamps, user identity, and context.
CC7.3
Multi-channel notifications (Email, Slack, Webhooks) with severity-based routing and critical event push. Configure escalation chains per site or globally.
CC7.4
Detection of broken WordPress sites with automated recovery and configurable escalation chains. When a site goes down or is compromised, BlockForge initiates response workflows automatically.
CC8.1
Activity logging for all changes, staging environments for safe testing, and file integrity verification. Test updates in isolation before deploying to production.
The Availability criteria focus on system uptime, disaster recovery, and capacity management. BlockForge provides continuous monitoring, automated backups, and recovery validation.
A1.1
Multi-probe uptime monitoring from distributed geographic locations, with performance metrics tracking. Detect degradation before it becomes an outage.
A1.2
Automated daily backups with dual-location storage, and WordPress auto-healing after detected failures. Backups are encrypted with AES-256 and stored in geographically separate locations.
A1.3
Automated backup verification in isolated containers, with restore capability validation. Every backup is tested to ensure it can actually be restored when needed.
BlockForge provides partial coverage for Processing Integrity and Confidentiality criteria. These controls focus on data accuracy, completeness, and protection of sensitive information.
PI1 — Partial Coverage
Change detection ensures processing accuracy by identifying unauthorized modifications. The complete audit trail provides full traceability of every action performed on your WordPress infrastructure.
C1 — Partial Coverage
Sensitive data is protected with encryption at rest and in transit. Access is controlled through role-based permissions, and all API communication is cryptographically authenticated.
Beyond the core criteria, BlockForge provides additional controls that strengthen your SOC 2 posture.
CC4.1
Aggregated risk overview with compliance score distribution, category breakdown, and critical issues tracking across your entire workspace.
CC6.1
Active session monitoring with configurable timeouts, individual and bulk session revocation, and device tracking for all platform users.
CC6.5
Configurable retention periods for activity logs, uptime checks, security scans, and backups with automated data disposal and compliance tracking.
BlockForge maps to multiple compliance frameworks. Explore how your WordPress infrastructure addresses each set of requirements.
ISO 27001
Annex A controls for access control, operations security, and business continuity.
NIS2
Incident handling, business continuity, and supply chain security requirements.
GDPR
Article 32 technical measures, breach detection, and data integrity controls.