The SOC2 Controls That Actually Require Decision Logs (And Why No One Logs Them)

March 8, 2026 Over the last month, I've written three articles about deterministic decision logs. Each one has climbed to the top of Google. Each one has brought more readers to the API. They search for "SOC2 CC6.1 evidence." They search for "change management audit trails." They search for "access control decision logs." They're not looking for another compliance platform. They're looking for proof that their automated decisions actually satisfy specific controls. Here's what they're finding—and why no one else is providing it. The Controls That Demand Decision Logs Not all SOC2 controls are created equal. Some are about documentation. Some are about configuration. Some are about policies. But a specific subset requires something else: proof that a decision was made consistently. CC6.1 – Logical Access Security "The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the en