feat(app): add SOC 3

* feat(db): new migration to add fields for SOC 3

* fix(api): support soc2 for trust-portal endpoints

* fix(app): add SOC 3 to Trust portal frameworks list

---------

Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com>
Co-authored-by: Lewis Carhart <lewis@trycomp.ai>

Author: 3 people

apps/api/src/trust-portal/trust-access.service.ts

@@ -1911,6 +1911,7 @@ export class TrustAccessService {
       | 'iso42001'
       | 'gdpr'
       | 'hipaa'
+      | 'soc3'
       | 'soc2type1'
       | 'soc2type2'
       | 'pci_dss'
@@ -1923,6 +1924,7 @@ export class TrustAccessService {
       [TrustFramework.hipaa]: 'hipaa',
       [TrustFramework.soc2_type1]: 'soc2type1',
       [TrustFramework.soc2_type2]: 'soc2type2',
+      [TrustFramework.soc3]: 'soc3',
       [TrustFramework.pci_dss]: 'pci_dss',
       [TrustFramework.nen_7510]: 'nen7510',
       [TrustFramework.iso_9001]: 'iso9001',
@@ -2594,6 +2596,8 @@ export class TrustAccessService {
     const CERT_MAP: Record<string, string> = {
       soc2: 'soc2',
       'soc 2': 'soc2',
+      soc3: 'soc3',
+      'soc 3': 'soc3',
       iso27001: 'iso27001',
       'iso 27001': 'iso27001',
       iso42001: 'iso42001',
@@ -2647,6 +2651,7 @@ export class TrustAccessService {
 
     const LABEL_MAP: Record<string, string> = {
       soc2: 'SOC 2',
+      soc3: 'SOC 3',
       iso27001: 'ISO 27001',
       iso42001: 'ISO 42001',
       iso9001: 'ISO 9001',

apps/api/src/trust-portal/trust-portal.service.ts

@@ -123,6 +123,7 @@ export class TrustPortalService {
         | 'iso42001_status'
         | 'gdpr_status'
         | 'hipaa_status'
+        | 'soc3_status'
         | 'soc2type1_status'
         | 'soc2type2_status'
         | 'pci_dss_status'
@@ -133,6 +134,7 @@ export class TrustPortalService {
         | 'iso42001'
         | 'gdpr'
         | 'hipaa'
+        | 'soc3'
         | 'soc2type1'
         | 'soc2type2'
         | 'pci_dss'
@@ -186,6 +188,11 @@ export class TrustPortalService {
       enabledField: 'iso9001',
       slug: 'iso_9001',
     },
+    [TrustFramework.soc3]: {
+      statusField: 'soc3_status',
+      enabledField: 'soc3',
+      slug: 'soc3',
+    },
   };
 
   async getDomainStatus(
@@ -612,6 +619,7 @@ export class TrustPortalService {
       soc2: 'soc2',
       soc2type1: 'soc2type1',
       soc2type2: 'soc2type2',
+      soc3: 'soc3',
       iso27001: 'iso27001',
       iso42001: 'iso42001',
       gdpr: 'gdpr',
@@ -626,6 +634,7 @@ export class TrustPortalService {
     const statusFieldMap: Record<string, string> = {
       soc2type1Status: 'soc2type1_status',
       soc2type2Status: 'soc2type2_status',
+      soc3Status: 'soc3_status',
       iso27001Status: 'iso27001_status',
       iso42001Status: 'iso42001_status',
       gdprStatus: 'gdpr_status',
@@ -636,6 +645,7 @@ export class TrustPortalService {
       // Also support snake_case input (from other callers)
       soc2type1_status: 'soc2type1_status',
       soc2type2_status: 'soc2type2_status',
+      soc3_status: 'soc3_status',
       iso27001_status: 'iso27001_status',
       iso42001_status: 'iso42001_status',
       gdpr_status: 'gdpr_status',
@@ -1515,6 +1525,7 @@ export class TrustPortalService {
       // Framework flags
       soc2type1: trust.soc2type1 ?? false,
       soc2type2: trust.soc2type2 || trust.soc2 || false,
+      soc3: trust.soc3 ?? false,
       iso27001: trust.iso27001 ?? false,
       iso42001: trust.iso42001 ?? false,
       gdpr: trust.gdpr ?? false,
@@ -1528,6 +1539,7 @@ export class TrustPortalService {
         !trust.soc2type2 && trust.soc2
           ? (trust.soc2_status ?? 'started')
           : (trust.soc2type2_status ?? 'started'),
+      soc3Status: trust.soc3_status ?? 'started',
       iso27001Status: trust.iso27001_status ?? 'started',
       iso42001Status: trust.iso42001_status ?? 'started',
       gdprStatus: trust.gdpr_status ?? 'started',

apps/app/src/app/(app)/[orgId]/trust/page.tsx

@@ -43,6 +43,7 @@ export default async function TrustPage({
     hipaa: 'hipaaFileName',
     soc2_type1: 'soc2type1FileName',
     soc2_type2: 'soc2type2FileName',
+    soc3: 'soc3FileName',
     pci_dss: 'pcidssFileName',
     nen_7510: 'nen7510FileName',
     iso_9001: 'iso9001FileName',
@@ -55,6 +56,7 @@ export default async function TrustPage({
     hipaaFileName: null,
     soc2type1FileName: null,
     soc2type2FileName: null,
+    soc3FileName: null,
     pcidssFileName: null,
     nen7510FileName: null,
     iso9001FileName: null,
@@ -100,6 +102,7 @@ export default async function TrustPage({
         primaryColor={settings?.primaryColor ?? null}
         soc2type1={settings?.soc2type1 ?? false}
         soc2type2={settings?.soc2type2 ?? false}
+        soc3={settings?.soc3 ?? false}
         iso27001={settings?.iso27001 ?? false}
         iso42001={settings?.iso42001 ?? false}
         gdpr={settings?.gdpr ?? false}
@@ -109,6 +112,7 @@ export default async function TrustPage({
         iso9001={settings?.iso9001 ?? false}
         soc2type1Status={settings?.soc2type1Status ?? 'started'}
         soc2type2Status={settings?.soc2type2Status ?? 'started'}
+        soc3Status={settings?.soc3Status ?? 'started'}
         iso27001Status={settings?.iso27001Status ?? 'started'}
         iso42001Status={settings?.iso42001Status ?? 'started'}
         gdprStatus={settings?.gdprStatus ?? 'started'}
@@ -123,6 +127,7 @@ export default async function TrustPage({
         hipaaFileName={certificateFiles.hipaaFileName}
         soc2type1FileName={certificateFiles.soc2type1FileName}
         soc2type2FileName={certificateFiles.soc2type2FileName}
+        soc3FileName={certificateFiles.soc3FileName}
         pcidssFileName={certificateFiles.pcidssFileName}
         nen7510FileName={certificateFiles.nen7510FileName}
         iso9001FileName={certificateFiles.iso9001FileName}

apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalSwitch.test.tsx

@@ -200,6 +200,7 @@ describe('TrustPortalSwitch permission gating', () => {
     orgId: 'org-1',
     soc2type1: false,
     soc2type2: false,
+    soc3: false,
     iso27001: true,
     iso42001: false,
     gdpr: false,
@@ -208,6 +209,7 @@ describe('TrustPortalSwitch permission gating', () => {
     nen7510: false,
     soc2type1Status: 'started' as const,
     soc2type2Status: 'started' as const,
+    soc3Status: 'started' as const,
     iso27001Status: 'compliant' as const,
     iso42001Status: 'started' as const,
     gdprStatus: 'started' as const,

apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalSwitch.tsx

@@ -61,6 +61,7 @@ const trustPortalSwitchSchema = z.object({
   primaryColor: z.string().optional(),
   soc2type1: z.boolean(),
   soc2type2: z.boolean(),
+  soc3: z.boolean(),
   iso27001: z.boolean(),
   iso42001: z.boolean(),
   gdpr: z.boolean(),
@@ -70,6 +71,7 @@ const trustPortalSwitchSchema = z.object({
   iso9001: z.boolean(),
   soc2type1Status: z.enum(['started', 'in_progress', 'compliant']),
   soc2type2Status: z.enum(['started', 'in_progress', 'compliant']),
+  soc3Status: z.enum(['started', 'in_progress', 'compliant']),
   iso27001Status: z.enum(['started', 'in_progress', 'compliant']),
   iso42001Status: z.enum(['started', 'in_progress', 'compliant']),
   gdprStatus: z.enum(['started', 'in_progress', 'compliant']),
@@ -93,6 +95,7 @@ const FRAMEWORK_KEY_TO_API_SLUG: Record<string, string> = {
   hipaa: 'hipaa',
   soc2type1: 'soc2_type1',
   soc2type2: 'soc2_type2',
+  soc3: 'soc3',
   pcidss: 'pci_dss',
   nen7510: 'nen_7510',
   iso9001: 'iso_9001',
@@ -151,13 +154,15 @@ export function TrustPortalSwitch({
   orgId,
   soc2type1,
   soc2type2,
+  soc3,
   iso27001,
   iso42001,
   gdpr,
   hipaa,
   pcidss,
   soc2type1Status,
   soc2type2Status,
+  soc3Status,
   iso27001Status,
   iso42001Status,
   gdprStatus,
@@ -174,6 +179,7 @@ export function TrustPortalSwitch({
   hipaaFileName,
   soc2type1FileName,
   soc2type2FileName,
+  soc3FileName,
   pcidssFileName,
   nen7510FileName,
   iso9001FileName,
@@ -192,6 +198,7 @@ export function TrustPortalSwitch({
   orgId: string;
   soc2type1: boolean;
   soc2type2: boolean;
+  soc3: boolean;
   iso27001: boolean;
   iso42001: boolean;
   gdpr: boolean;
@@ -200,6 +207,7 @@ export function TrustPortalSwitch({
   nen7510: boolean;
   soc2type1Status: 'started' | 'in_progress' | 'compliant';
   soc2type2Status: 'started' | 'in_progress' | 'compliant';
+  soc3Status: 'started' | 'in_progress' | 'compliant';
   iso27001Status: 'started' | 'in_progress' | 'compliant';
   iso42001Status: 'started' | 'in_progress' | 'compliant';
   gdprStatus: 'started' | 'in_progress' | 'compliant';
@@ -215,6 +223,7 @@ export function TrustPortalSwitch({
   hipaaFileName?: string | null;
   soc2type1FileName?: string | null;
   soc2type2FileName?: string | null;
+  soc3FileName?: string | null;
   pcidssFileName?: string | null;
   nen7510FileName?: string | null;
   iso9001FileName?: string | null;
@@ -240,6 +249,7 @@ export function TrustPortalSwitch({
     hipaa: hipaaFileName ?? null,
     soc2type1: soc2type1FileName ?? null,
     soc2type2: soc2type2FileName ?? null,
+    soc3: soc3FileName ?? null,
     pcidss: pcidssFileName ?? null,
     nen7510: nen7510FileName ?? null,
     iso9001: iso9001FileName ?? null,
@@ -253,6 +263,7 @@ export function TrustPortalSwitch({
       hipaa: hipaaFileName ?? null,
       soc2type1: soc2type1FileName ?? null,
       soc2type2: soc2type2FileName ?? null,
+      soc3: soc3FileName ?? null,
       pcidss: pcidssFileName ?? null,
       nen7510: nen7510FileName ?? null,
       iso9001: iso9001FileName ?? null,
@@ -264,6 +275,7 @@ export function TrustPortalSwitch({
     hipaaFileName,
     soc2type1FileName,
     soc2type2FileName,
+    soc3FileName,
     pcidssFileName,
     nen7510FileName,
     iso9001FileName,
@@ -323,6 +335,7 @@ export function TrustPortalSwitch({
       primaryColor: primaryColor ?? undefined,
       soc2type1: soc2type1 ?? false,
       soc2type2: soc2type2 ?? false,
+      soc3: soc3 ?? false,
       iso27001: iso27001 ?? false,
       iso42001: iso42001 ?? false,
       gdpr: gdpr ?? false,
@@ -332,6 +345,7 @@ export function TrustPortalSwitch({
       iso9001: iso9001 ?? false,
       soc2type1Status: soc2type1Status ?? 'started',
       soc2type2Status: soc2type2Status ?? 'started',
+      soc3Status: soc3Status ?? 'started',
       iso27001Status: iso27001Status ?? 'started',
       iso42001Status: iso42001Status ?? 'started',
       gdprStatus: gdprStatus ?? 'started',
@@ -685,6 +699,39 @@ export function TrustPortalSwitch({
                   orgId={orgId}
                   disabled={!canUpdate}
                 />
+                {/* SOC 3 */}
+                <ComplianceFramework
+                  title="SOC 3"
+                  description="A compliance framework focused on data security, availability, and confidentiality."
+                  isEnabled={soc3}
+                  status={soc3Status}
+                  onStatusChange={async (value) => {
+                    try {
+                      await updateFrameworkSettings({
+                        soc3Status: value as 'started' | 'in_progress' | 'compliant',
+                      });
+                      toast.success('SOC 3 status updated');
+                    } catch (error) {
+                      toast.error('Failed to update SOC 3 status');
+                    }
+                  }}
+                  onToggle={async (checked) => {
+                    try {
+                      await updateFrameworkSettings({
+                        soc3: checked,
+                      });
+                      toast.success('SOC 3 status updated');
+                    } catch (error) {
+                      toast.error('Failed to update SOC 3 status');
+                    }
+                  }}
+                  fileName={certificateFiles.soc3}
+                  onFileUpload={handleFileUpload}
+                  onFilePreview={handleFilePreview}
+                  frameworkKey="soc3"
+                  orgId={orgId}
+                  disabled={!canUpdate}
+                />
                 {/* PCI DSS */}
                 <ComplianceFramework
                   title="PCI DSS"

packages/db/prisma/migrations/20260421000000_add_soc3_to_trust/migration.sql

@@ -0,0 +1,12 @@
+-- Add SOC 3 support to the trust portal:
+--   * new `soc3` value on the `TrustFramework` enum (used by TrustResource)
+--   * new `soc3` and `soc3_status` columns on the `Trust` model
+--
+-- Safe to combine these in a single migration because `soc3_status` uses the
+-- pre-existing `FrameworkStatus` enum — the newly-added `TrustFramework.soc3`
+-- value is not referenced in any statement in this file.
+ALTER TYPE "TrustFramework" ADD VALUE IF NOT EXISTS 'soc3';
+
+ALTER TABLE "Trust"
+  ADD COLUMN "soc3" BOOLEAN NOT NULL DEFAULT false,
+  ADD COLUMN "soc3_status" "FrameworkStatus" NOT NULL DEFAULT 'started';

packages/db/prisma/schema/trust.prisma

@@ -17,6 +17,7 @@ model Trust {
   soc2          Boolean @default(false)
   soc2type1     Boolean @default(false)
   soc2type2     Boolean @default(false)
+  soc3          Boolean @default(false)
   iso27001      Boolean @default(false)
   iso42001      Boolean @default(false)
   nen7510       Boolean @default(false)
@@ -28,6 +29,7 @@ model Trust {
   soc2_status      FrameworkStatus @default(started)
   soc2type1_status FrameworkStatus @default(started)
   soc2type2_status FrameworkStatus @default(started)
+  soc3_status      FrameworkStatus @default(started)
   iso27001_status  FrameworkStatus @default(started)
   iso42001_status  FrameworkStatus @default(started)
   nen7510_status   FrameworkStatus @default(started)
@@ -68,6 +70,7 @@ enum TrustFramework {
   hipaa
   soc2_type1
   soc2_type2
+  soc3
   pci_dss
   nen_7510
   iso_9001

packages/docs/openapi.json

@@ -12022,6 +12022,7 @@
                 "hipaa",
                 "soc2_type1",
                 "soc2_type2",
+                "soc3",
                 "pci_dss",
                 "nen_7510",
                 "iso_9001"
@@ -23568,6 +23569,7 @@
               "hipaa",
               "soc2_type1",
               "soc2_type2",
+              "soc3",
               "pci_dss",
               "nen_7510",
               "iso_9001"
@@ -23609,6 +23611,7 @@
               "hipaa",
               "soc2_type1",
               "soc2_type2",
+              "soc3",
               "pci_dss",
               "nen_7510",
               "iso_9001"
@@ -23651,6 +23654,7 @@
               "hipaa",
               "soc2_type1",
               "soc2_type2",
+              "soc3",
               "pci_dss",
               "nen_7510",
               "iso_9001"