SOC 2 Trust Services Criteria & Policies
SOC 2 Security audits expect documented policies mapped to Common Criteria CC1–CC9. Gold includes a SOC 2 Security Control Matrix workbook plus policies and evidence forms (training log, access recertification, penetration test summary, termination checklist, and more).
Gold package ($849)
What is in the Gold package?
52 policies and 25 standard forms — 77 editable Word documents delivered instantly after purchase.
Policies
- Acceptable Use Encryption Policy
- Acceptable Use Policy
- Accountability for Assets Policy
- AI Security Policy
- Application Access Control Policy
- Backup Policy
- Business Continuity & Disaster Recovery Policy
- Change Management Policy
- Confidential Data Policy
- Cloud Computing Policy
- Cloud Security Policy
- Data Classification Policy
- Data Protection Policy
- Data Retention Policy
- Data Security Policy
- Email Policy
- Encryption Policy
- Equipment Security Policy
- Exception to Policy
- External Communications Policy
- External Party Information Disclosure Policy
- Firewall Policy
- Guest Access Policy
- Incident Response Policy
- Information Ownership Policy
- Information Security Infrastructure Policy
- Information Security Policy
- Mobile Device Policy
- Monitoring System Access and Use Policy
- Network Access Policy
- Network Security Policy
- Notifying Employees of Change Policy
- Operating System Access Control Policy
- Organizational Security Policy
- Outsourcing Policy
- Password Policy
- Personal Computer Policy
- Physical Security Policy
- Ransomware Policy
- Remote Access Policy
- Risk Assessment Policy
- Retention Policy
- Secure Areas Security Policy
- Secure Software Development Policy
- Telecommuting and Mobile Computer Security Policy
- Third Party Connection Policy
- User Training Policy
- Vulnerability & Patch Management Policy
- VPN Policy
- Wireless Access Policy
- Wireless Security Policy
- Network Access & Authentication
Standard forms
- Policy Acceptance Page
- Guest Network Access Request
- Security Incident Report
- Noncompliance Notice
- Policy Amendment Form
- Request for Account Setup
- Request for Policy Exception
- Visitor Log
- Risk Register
- Risk Treatment Plan
- Access Recertification Log
- Vendor Security Assessment
- Change Request Form
- BCP DR Test Results
- SOC 2 Security Control Matrix
- ISO 27001 Statement of Applicability
- Security Training Log
- Penetration Test Summary
- Termination Access Checklist
- ISMS Scope Statement
- Internal Audit Procedure
- Management Review Record
- Privacy Impact Assessment (DPIA)
- Asset Inventory Attestation
- CAPA Remediation Tracker