Best SOC 2 Documentation
Done-For-You (DFY), professionally drawn, comprehensive and robust SOC 2 Documentation, prepared by a committee of InfoSec industry experts, Principal Auditors and Lead Instructors under the aegis of SOC 2 Compliance Institute. The Documentation addresses the information security compliance requirements arising from ‘Establishing’ the mandatory SOC 2 framework. The complete pack has about 541 pages, spread over 114 most critical documents.
SOC 2 Documentation Pack – SOC 2 Policies, Procedures and Records
Ideal for SOC 2 Implementation, SOC 2 Certification and SOC 2 Consultancy Projects, the SOC 2 Documentation is prepared for you in user-friendly MS Office formats, preformatted in Corporate/Business document style.
The entire heavy lifting is done for you by the Panel of Global experts in ISMS, saving you from 3 months to 18 months of precious time, humongous effort, and the costly consequences of potential information security failures.
The Documentation addresses the information security compliance requirements arising from ‘Establishing’ the SOC 2 ISMS framework, including global best practices, thus paving the way for robust implementation of the requirements of the International Standard.
The Complete pack has about 541 pages, spread over 114 Mandatory Documents which includes SOC 2 Information Security Manuals, Policies, Procedures, Guidelines, Work Instructions, Logs, Registers, Reports, Performance decks, and security architecture Diagrams.
Please see the table and the video appended below for the complete contents covered in the comprehensive documentation pack.
File format – MS Office, preformatted in Corporate/Business document style.
Customization – Yes, all are 100% customizable (except the Network Security Architecture Diagram, as these are in .JPG format)
Editable – Yes. Very little editing is required, taking only a couple of minutes; for example, replace the logo with your Organization’s logo, and replace the existing hypothetical company’s name and acronyms (ABC Technologies, ABCTPL, ABC) with your Organization’s name and acronyms.
Content Contribution – Committee of SOC 2 Industry Experts, Principal Instructors, and Lead Auditors.
Document Approved By– SOC 2 Compliance Institute
Language – English
File Delivery method – Immediate and Automatic. Through the secure link in the email provided at the time of check-out
Link Validity – 01 Day from the time of receiving the link through email
Download Limit – 03 (Do not worry, we have got you covered. At your special request, we will send the file manually to your registered email)
File Size – 22.6 Mb
Recommendation – Save one copy of the file in a cloud drive, another on your external hard disk drive, and keep the third on your machine as a working document. Maintain a strong, memorable password for all three locations.
| SL. No. | Document Name | Document Format | Document Type | Pages |
|---|---|---|---|---|
| 1 | ISMS Scope Document | Word | Manual | 20 |
| 3 | ISMS Terms and Definitions | Word | Guideline | 9 |
| 4 | Information Security Manual | Word | Manual | 35 |
| 5 | Information and Cyber Security Policy | Word | Policy | 108 |
| 6 | ISMS Policy Statement for Domestic company, and MNC | Word | Policy | 1 |
| 7 | Organization Security Structure | Word | Work Instructions | 7 |
| 8 | Information Security Risk Management Procedure | Word | Procedure | 15 |
| 9 | Information Security Risk Register | Excel | Record | 6 |
| 10 | Statement of Applicability | Excel | Record | 2 |
| 11 | Effectiveness of Controls Procedure | Word | Procedure | 5 |
| 12 | ISMS Objectives and Performance Tracker | Excel | Record | 2 |
| 13 | Asset Management Procedure | Word | Procedure | 12 |
| 14 | Asset Management Guidelines | Word | Procedure | 18 |
| 15 | Acceptable Usage Policy | Word | Policy | 6 |
| 16 | Acceptable usage - Users Policy | Word | Policy | 16 |
| 17 | Acceptable Usage Guidelines | Word | Policy | 19 |
| 19 | Asset Security Classification Policy | Word | Procedure | 5 |
| 20 | Information Classification, Labelling and Handling Procedure | Word | Procedure | 14 |
| 21 | Guidelines for Secure Disposal or Re-Use of Equipment | Word | Guideline | 4 |
| 22 | Digital Media Disposal Register | Excel | Template | 2 |
| 24 | Asset Register - Risk Assessment & Risk Treatment | Excel | Record | 16 |
| 25 | Software License Inventory Tracker | Excel | Record | 2 |
| 26 | Human Resource Security Policy | Word | Policy | 14 |
| 27 | HR Security Guidelines | Word | Guideline | 6 |
| 28 | Responsibility Accountability metrics - RASCI Metrics | Excel | Record | 1 |
| 29 | Skill Competency Matrix | Excel | Record | 1 |
| 34 | Social Media Policy | Word | Policy | 4 |
| 35 | Procedure for Control of documents and records | Word | Policy | 18 |
| 36 | ISMS Performance Status Monthly report | Word | Record | 26 |
| 37 | ISMS Operation KPIs | Excel | Record | 3 |
| 38 | Change Management Procedure | Word | Procedure | 12 |
| 39 | Change Management Register | Excel | Template | 1 |
| 40 | Supplier Relationship Policy | Word | Policy | 5 |
| 41 | Vendor risk management procedure | Word | Policy | 10 |
| 42 | Guidelines for Information security in Supplier Relationship | Word | Guideline | 5 |
| 43 | Vendor Security Risk Self assessment | Excel | Record | 5 |
| 44 | Exception Management Procedure | Word | Procedure | 8 |
| 45 | Internal Audit Procedure | Word | Procedure | 11 |
| 46 | Internal Audit Plan | Excel | Template | 2 |
| 47 | Internal Auditors Training Record | Word | Template | 1 |
| 48 | Internal Audit Finding Report | Word | Template | 1 |
| 49 | Management Review Procedure | Word | Procedure | 5 |
| 50 | Minutes of Management Review | Word | Template | 1 |
| 51 | NC and Corrective Action Procedure | Word | Procedure | 9 |
| 52 | Access Control Procedure | Word | Procedure | 12 |
| 53 | Access Control Policy | Word | Policy | 8 |
| 54 | Access Control Guidelines | Word | Guideline | 10 |
| 55 | Password Management Procedure | Word | Procedure | 10 |
| 56 | Access Control Matrix | Excel | Template | 3 |
| 57 | Data Center Access management procedure | Word | Procedure | 7 |
| 58 | Mobile Device Management Procedure | Word | Procedure | 11 |
| 59 | Mobile Device & Teleworking Policy | Word | Policy | 5 |
| 60 | Remote Access Policy | Word | Policy | 5 |
| 61 | Backup and Media Management Procedure | Word | Procedure | 29 |
| 62 | Data Backup Policy | Word | Policy | 6 |
| 63 | Capacity Management Procedure | Word | Procedure | 9 |
| 64 | Capacity Management Guidelines | Word | Guideline | 11 |
| 65 | Vulnerability and Patch Management Procedure | Word | Procedure | 15 |
| 66 | Risk And Vulnerability Tracker | Excel | Record | 2 |
| 67 | Clear Desk Clear Screen Policy | Word | Policy | 5 |
| 68 | Malware Protection Procedure | Word | Procedure | 9 |
| 69 | Malicious Attack Management Procedure | Word | Procedure | 6 |
| 71 | Encryption Key Management Procedure | Word | Procedure | 7 |
| 72 | Data Encryption procedure | Word | Procedure | 6 |
| 73 | Network Security Policy | Word | Policy | 9 |
| 74 | Network Security Procedure | Word | Procedure | 11 |
| 75 | Network diagram DC and DR | JPG | Record | 2 |
| 76 | Log Management Procedure | Word | Procedure | 11 |
| 80 | Corporate Email Usage Procedure | Word | Procedure | 10 |
| 81 | IT Operations Policy | Word | Policy | 11 |
| 82 | IT Operations Procedure | Word | Procedure | 21 |
| 83 | IT Operational Security Policy | Word | Policy | 8 |
| 84 | IT Guidelines ready reckoner | Word | Guideline | 7 |
| 85 | Device SLA report | Excel | Record | 1 |
| 86 | Downtime Tracker and Issues Register | Excel | Record | 1 |
| 87 | Data Center OPS performance Status | PPT | Record | 43 |
| 88 | IT SLAs Monthly Performance Report | Word | Record | 5 |
| 89 | Nessus Vulnerability Scan-Report | Excel | Record | 1 |
| 90 | System hardening checklist | Word | Guideline | 1 |
| 91 | Data Center Audit Report | Word | Record | 10 |
| 92 | Information System Acquisition Development and Maintenance Procedure | Word | Procedure | 11 |
| 93 | Information Systems Acquisition Development and Maintenance Guidelines | Word | Guideline | 9 |
| 94 | Secure Software Development Procedure | Word | Procedure | 19 |
| 95 | Secure Coding Checklist | Excel | Guideline | 1 |
| 96 | Physical and Environmental Security Policy | Word | Policy | 8 |
| 97 | Physical and Environmental Security Procedure | Word | Procedure | 14 |
| 98 | Physical Security Guidelines | Word | Guideline | 16 |
| 99 | Work Instructions for Physical and Environmental Security | Word | Work Instructions | 12 |
| 100 | Guidelines for Physical Security Perimeter | Word | Guideline | 4 |
| 101 | Asset Movement Register | Word | Template | 1 |
| 102 | Monthly Report on Facilities Infrastructure | Excel | Record | 9 |
| 103 | Incident Management Policy | Word | Policy | 3 |
| 104 | Incident Management Procedure | Word | Procedure | 12 |
| 105 | Incident Priority Escalation procedure | Word | Procedure | 4 |
| 106 | Incident Reporting Form | Excel | Template | 1 |
| 107 | Incident Management Log | Excel | Template | 2 |
| 108 | Business Continuity Management Policy | Word | Policy | 11 |
| 109 | ICT Business Continuity Management Procedure | Word | Procedure | 17 |
| 110 | IT Disaster Recovery Plan & Procedure | Word | Procedure | 29 |
| 113 | Intellectual Property Rights Policy | Word | Policy | 10 |
Frequently Asked Questions (FAQ)
- File transfer is done through the email ID provided by you at the time of checkout.
- The secured file is either attached to the email sent to you or provided in the form of a secured link.
- Email is sent immediately and automatically upon successful checkout.
- Please recheck your email ID for typos. It is better to copy and paste your email ID and then recheck it for copying errors.
- Check your email inbox and spam folder for receipt of the email.
- The link expires in 01 day. The download limit is 03.
- Additionally, you will receive links to download your digital products on the thank-you page of the checkout.
- In case of a network issue or a typo in your email ID, do not worry, we have got you covered. Just send us a screenshot of the successful checkout, and we will reply with the purchased file as an attachment.
This document is useful for:
- Organization Planning for SOC 2 Certification.
- Regulatory Compliance Audits
- SOC 2 Gap Assessments
- Enhancing longevity of the business.
- Organizations keen for robust, resilient, and value-added Information Security Management System.
- Organizations keen to protect themselves against issues from SOC 2 Compliance requirements.
- Organizations who want to survive client audits.
- Information Security Professionals.
- Internal auditors of SOC 2 Management System
- External Auditors of SOC 2 Management System
- Auditors of the client organizations who are tasked to assess the ISMS capability of their Service Providers, Vendors, and contractors.
- Resources involved in SOC 2 Implementation Project.
- Students of Information Security Management System
The SOC 2 Document Templates are prepared by an InfoSec Industry Expert Panel of veteran SOC 2 Principal Auditors and Lead Instructors with aggregate panel experience of over 328 years, under the aegis of SOC 2 Compliance Institute. The Document is validated by the Head of the expert committee and approved by SOC 2 Compliance Institute.
The SOC 2 Documents are premised on SSAE 18 requirements, Trust Services Criteria, and COSO Controls, and follow the cardinal principles of:
1. Risk-based thinking (RBT),
2. Process approach, and
3. PDCA (Plan Do Check Act) methodology.
The expert panel of Information Security auditors and instructors has conducted hundreds of SOC 2 audits, Lead Implementer Training sessions, and SOC 2 Implementation Projects in diverse business sectors. Besides, there is continuous calibration of these experts with respect to requirements, inferences, interpretation, and audit experiences.
- Securely save the original document template, and use a copy of the file as your working document during preparation/implementation of the SOC 2 Certification Project.
- The Document has a hypothetical logo, so replace it with your Organization's logo. The Document has the hypothetical company name ABC Technologies Private Limited, and acronyms like ABC and ABCTPL, so replace these with your Organization's name and acronyms.
- Replace the text written in red, with details of your organization.
- While the customization takes only a couple of minutes, sincere and serious implementation of the contents of the document gives you a head start in ISMS maturity for the relevant requirements of 15-20 years.
Each document, like any other entity, has a purpose (or purposes) of existence. A template is the empty form which is envisaged at the information security planning stage for the purpose it is going to achieve. It has to be well thought out, which comes with experience and a deep understanding of the information security requirement(s).
An ISMS template is a static document, whereas a record, log, etc. is a dynamic document when seen from a continuity perspective. But if you are at week 42, all activities captured prior to week 42 are frozen, and hence the historical record becomes static, because history cannot be changed.
A filled form/template which captures predetermined significant aspects of the activity(ies) being performed in continuum becomes the record.
A record can be a log, report, tracker, or dashboard.
A record must have traceability and fulfill the audit trail, including the forensic audit trail. A record is admissible evidence, including in a court of law.
Policies, Procedures, Guidelines and Work Instructions are essentially the controls that are enforceable. Controls are of many types, for example administrative controls, engineering controls/design controls, detective controls, preventive controls, compensating controls, and regulatory controls.
These documents fall mainly under the administrative controls, which have an organization-wide, over-arching reach. Any deviation or departure from the established Policies, Procedures, Guidelines, or Work Instructions is to be treated as non-compliance, whether facing internal audits, client audits, certification audits, or regulatory audits.
Earlier thinking held these docs in hierarchical order as Policy, Procedure, Guideline, Work Instruction, etc. As per that, a Policy provides a sense of direction, and a Procedure describes what to do, when, and how. Guidelines and Work Instructions go a step further in granularity for complex processes, or where it is felt that their absence would lead to non-conforming activities or results.
Over the years, the policy and procedure have been found to be either bundled or swapped to strengthen the information security intent and control effectiveness. Guidelines and Work Instructions fill the gaps for wide-ranging information security requirements. Here the honorable intent of the organization is maximum coverage. There is a little overlap of content across them, in case an employee refers to just one of these docs in the worst-case scenario, or access to all of these docs is restricted.