Includes Phase 1 • People, policies & engineering ops

SOC 2 Phase 2 Implementation Kit

Move from policies on paper to operating controls. HR checklists, extended COR policies, SDLC procedures, access reviews, incident response, and vendor management — nested in the same ZIP folders auditors recognize.

Includes full Phase 1 Starter Kit

Get the Phase 2 Implementation Kit — $597 Inspect the Documents
34 Templates (Phase 1 + 2)
3 folders HR • Policies • Engineering
Nested ZIP Same IDs as Phase 1
Includes full Phase 1 Starter Kit CC6 access & change controls HR onboarding / offboarding Vendor & incident procedures

Implement, don’t just document

HR-001–003, SOC-009/010 access reviews, and SOC-007–012 engineering procedures are operational checklists.

Auditor-ready evidence paths

COR-013 document control log ties policy versions to approval dates auditors sample.

Phase 1 included

1_Foundation/ ships inside the ZIP — no rebuying scoping or core policies.

Avoid duplicate consultant work

One implementation bundle instead of separate HR, security, and vendor policy engagements.

What’s inside the ZIP

34 templates across Foundation, People & HR, Policies, and Engineering — Phase 1 included

1 Foundation

COR-001Word

Information Security Policy

Editable template with section-by-section guide at lintgrc.com/templates/information-security-policy-template/.

SOC 2Foundation
COR-002Word

Access Control Policy

Editable template with section-by-section guide at lintgrc.com/templates/access-control-policy-template/.

SOC 2Foundation
COR-003Word

Risk Management Policy

Editable template with section-by-section guide at lintgrc.com/templates/risk-management-policy-template/.

SOC 2Foundation
COR-004Word

Data Retention and Deletion Policy

Editable template with section-by-section guide at lintgrc.com/templates/data-retention-deletion-policy-template/.

SOC 2Foundation
COR-005Word

Organizational Chart Template

Editable template with section-by-section guide at lintgrc.com/templates/organizational-chart-template/.

SOC 2Foundation
SOC-001Word

SOC 2 Readiness Guide and Roadmap

Editable template with section-by-section guide at lintgrc.com/templates/soc-001-readiness-guide-and-roadmap/.

SOC 2Foundation
SOC-002Word

SOC 2 Scoping Questionnaire

Editable template with section-by-section guide at lintgrc.com/templates/soc-2-scoping-questionnaire/.

SOC 2Foundation
SOC-003Excel

SOC 2 Control Scoping Worksheet

Editable template with section-by-section guide at lintgrc.com/templates/soc-2-control-scoping-worksheet/.

SOC 2Foundation
SOC-003AExcel

SOC 2 Readiness Scanner and Gap Analysis

Editable template with section-by-section guide at lintgrc.com/templates/soc-2-readiness-scanner-gap-analysis/.

SOC 2Foundation
SOC-004Word

SOC 2 System Description Workbook

Editable template with section-by-section guide at lintgrc.com/templates/soc-2-system-description-workbook/.

SOC 2Foundation
SOC-005Excel

SOC 2 Project Plan Template

Editable template with section-by-section guide at lintgrc.com/templates/soc-2-project-plan-template/.

SOC 2Foundation

2A People and HR

COR-006Word

Security Awareness Policy

Editable template with section-by-section guide at lintgrc.com/templates/security-awareness-policy-template/.

SOC 2Implementation
HR-001Word

Employee Onboarding Checklist

Editable template with section-by-section guide at lintgrc.com/templates/employee-onboarding-checklist-template/.

SOC 2Implementation
HR-002Excel

Employee Offboarding Checklist and Log

Editable template with section-by-section guide at lintgrc.com/templates/employee-offboarding-checklist-template/.

SOC 2Implementation
HR-003Word

Contractor and Vendor Onboarding Checklist

Editable template with section-by-section guide at lintgrc.com/templates/contractor-vendor-onboarding-checklist-template/.

SOC 2Implementation
SOC-006Excel

Security Training Completion Log

Editable template with section-by-section guide at lintgrc.com/templates/security-training-completion-log-template/.

SOC 2Implementation

2B Policies and Admin

COR-007Word

Incident Response Policy

Editable template with section-by-section guide at lintgrc.com/templates/incident-response-policy-template/.

SOC 2Implementation
COR-008Word

Vendor Management Policy

Editable template with section-by-section guide at lintgrc.com/templates/vendor-management-policy-template/.

SOC 2Implementation
COR-009Word

Data Classification Policy

Editable template with section-by-section guide at lintgrc.com/templates/data-classification-policy-template/.

SOC 2Implementation
COR-010Word

Asset Management Policy

Editable template with section-by-section guide at lintgrc.com/templates/asset-management-policy-template/.

SOC 2Implementation
COR-011Word

Acceptable Use and Remote Work Policy

Editable template with section-by-section guide at lintgrc.com/templates/acceptable-use-remote-work-policy-template/.

SOC 2Implementation
COR-012Word

Physical Security Policy (Remote-First)

Editable template with section-by-section guide at lintgrc.com/templates/physical-security-policy-template/.

SOC 2Implementation
COR-013Excel

Document Control and Version Log

Editable template with section-by-section guide at lintgrc.com/templates/document-control-version-log-template/.

SOC 2Implementation
COR-014Word

Risk Acceptance Form

Editable template with section-by-section guide at lintgrc.com/templates/risk-acceptance-form-template/.

SOC 2Implementation

2C Engineering and Ops

SOC-007Word

SDLC Standard

Editable template with section-by-section guide at lintgrc.com/templates/sdlc-standard-template/.

SOC 2Implementation
SOC-008Word

Logging and Monitoring Standard

Editable template with section-by-section guide at lintgrc.com/templates/logging-monitoring-standard-template/.

SOC 2Implementation
SOC-009Word

Authentication and MFA Standard

Editable template with section-by-section guide at lintgrc.com/templates/authentication-mfa-standard-template/.

SOC 2Implementation
SOC-010Excel

User Access Review Procedure

Editable template with section-by-section guide at lintgrc.com/templates/user-access-review-procedure-template/.

SOC 2Implementation
SOC-011Word

Change Approval Workflow Guide

Editable template with section-by-section guide at lintgrc.com/templates/change-approval-workflow-guide-template/.

SOC 2Implementation
SOC-012Word

Code Review Checklist Template

Editable template with section-by-section guide at lintgrc.com/templates/code-review-checklist-template/.

SOC 2Implementation
SOC-013Excel

Incident Log and Triaging Tracker

Editable template with section-by-section guide at lintgrc.com/templates/incident-log-triaging-tracker-template/.

SOC 2Implementation
SOC-014Excel

Asset Inventory and Subprocessor Register

Editable template with section-by-section guide at lintgrc.com/templates/asset-inventory-subprocessor-register-template/.

SOC 2Implementation
SOC-015Word

Backup and Restore Testing Procedure

Editable template with section-by-section guide at lintgrc.com/templates/backup-restore-testing-procedure-template/.

SOC 2Implementation
SOC-016Word

Vulnerability Management Procedure

Editable template with section-by-section guide at lintgrc.com/templates/vulnerability-management-procedure-template/.

SOC 2Implementation

Phase 1 without implementation is an audit waiting to fail

Phase 2 connects people, policy, and engineering controls to the same control IDs from your scoping worksheet.

Folder-native layout

2A_People_and_HR, 2B_Policies_and_Admin, 2C_Engineering_and_Ops mirror how teams actually run SOC 2.

Access review cadence

SOC-009 and SOC-010 procedures align with quarterly review evidence auditors request.

Vendor + incident coverage

COR-008 and SOC-014 vendor management pair with SOC-011/012 incident workflows.

Policy version control

COR-013 tracks every policy revision — critical for CC2 governance evidence.

Policy PDFs vs. LintGRC Phase 2 Implementation

Operating procedures, not shelf-ware

System Feature
Generic Templates
LintGRC Phase 2
HR & people controls
Generic HR handbook
Onboarding, training, offboarding checklists
Engineering evidence
None
SDLC, access review, backup, change procedures
Policy management
Static Word files
COR-013 version control log
Phase 1 foundation
Sold separately
1_Foundation/ included in ZIP
Per-template guides
Rarely
lintgrc.com guide for every file
Price
Free (incomplete)
$597 one-time

Designed to roll into Phase 3

Control owners and evidence indexes in Phase 3 reference the same SOC and COR IDs.

SOC-003 controls → SOC-024 owner assignments
COR-013 versions → governance minutes in Phase 3
Access review procedures → evidence index rows
Vendor inventory → PBC tracker submissions

SOC 2 Phase 2 Implementation Kit

$697 $597 one-time
  • Full Phase 1 Starter Kit (1_Foundation/)
  • 23 Phase 2 templates across HR, policies, and engineering
  • COR-006 through COR-014 extended policy and admin set
  • START_HERE.txt + README.txt at ZIP root
  • Website guide for every template
  • Instant download after purchase
Get the Implementation Kit — $597

Already own Phase 1? Add this phase for $400 →

Upgrade path to Phase 3 Audit & Evidence Bundle available. New here? This kit includes Phase 1. Expansion ZIP adds 2A/2B/2C folders only — merge into your Phase 1 kit.

Frequently asked questions

Do I need Phase 1 first?

Phase 2 includes the complete Phase 1 ZIP folder. If you already bought Phase 1, you still get one unified ZIP — no duplicate work, just a single implementation bundle.

Will this satisfy my auditor?

Templates follow common SOC 2 control themes, but auditors evaluate operating effectiveness over your observation period. Customize procedures to your environment and confirm scope with your CPA firm.

How are files organized?

Nested folders (1_Foundation, 2A_People_and_HR, 2B_Policies_and_Admin, 2C_Engineering_and_Ops) match the START_HERE.txt walkthrough.

Ready to operationalize SOC 2 controls?

Give engineering, HR, and compliance the same playbook — before the observation period clock starts.

SOC 2 Phase 2 Implementation Kit

Single-organization license • Phase 1 included • Editable source files

Disclaimer: Templates support SOC 2 readiness; they do not guarantee audit passage. Controls must operate over your observation period. Licensed for your organization only — do not redistribute.