01
Provisioning, revocation, and privilege changes are captured as they happen
Provisioning, revocation, and privilege changes are captured as they happen
SOLUTION · COMPLIANCE
Access reviews that don't take three weeks.
KINT generates SOC 2 CC6 evidence as a byproduct of running access lifecycle workflows. When the auditor asks, you already have the answer.
Solution path
SOC 2 Access Reviews
Positioning page, same KINT runtime. Source events, governed workflows, evidence, and replay stay in one operating model.
PROOF PATH
How evidence stays ready.
02
Each workflow maps to SOC 2 CC6.1, CC6.2, and CC6.3
Each workflow maps to SOC 2 CC6.1, CC6.2, and CC6.3
03
Reviewers see the role rule, approval state, timestamps, and app evidence
Reviewers see the role rule, approval state, timestamps, and app evidence
04
Auditors export signed packets instead of chasing screenshots
Auditors export signed packets instead of chasing screenshots
WHAT IT HANDLES
What KINT keeps ready
CC6.1 logical access evidence
CC6.2 authorization evidence
CC6.3 removal evidence
Auditor read-only access and signed exports
WHY IT MATTERS
Continuous evidence beats quarterly scramble
SOC 2 access reviews are the audit step that breaks IT teams.
A 250-person company has 15+ apps, hundreds of users, and a 90-day re-attestation cycle. Doing it by spreadsheet means three weeks of work every quarter. Doing it badly means audit findings.
KINT generates the evidence continuously. Every account creation, every revocation, every privilege change is logged with the SOC 2 control it maps to. When the quarterly review comes, you don't generate evidence — you review what's already there.
What auditors ask for
CC6.1 — Logical access
"Show every account created in the last 90 days. Confirm the access was appropriate." How KINT answers: Every provisioning workflow includes the role, department, manager, and approval state. Exportable as PDF.
CC6.2 — Authorization
"Show how access decisions were made. What role, who approved, when, and why." How KINT answers: Every workflow logs the role rule that triggered it, the manager who approved if any, and the approval timestamp.
CC6.3 — Removal
"Show every revocation in the last 90 days. What triggered it, how long it took." How KINT answers: Every revocation workflow captures the trigger event, completion timestamp, and per-app evidence.
FAQ
Can our auditor have read-only access?
Yes. Invite them as a viewer. They see signed evidence and can replay workflow runs in a sandbox.
What controls beyond CC6 are mapped?
CC6.1, CC6.2, and CC6.3 are the core. ISO 27001 A.9 mappings are included. HIPAA and GDPR annotations are available where applicable.
What about access reviews for apps KINT doesn't manage?
KINT covers what KINT connects. For apps outside the connector library, evidence still has to come from those systems.
Do you support continuous controls monitoring?
Yes. Findings surface continuously, not just at quarterly review time. Drift alerts catch configuration changes.