SOC 2 Phase 3 Audit & Evidence Bundle
Close the loop from control operation to auditor delivery. Governance minutes, risk registers, evidence mapping, PBC trackers, and format-only samples — plus the full Phase 1 and Phase 2 kits in one ZIP.
Audit week, organized
SOC-021 evidence index and SOC-028 PBC tracker reduce scrambles when the auditor asks for proof.
Criteria traceability
SOC-022 and SOC-023 map Trust Services Criteria to artifacts and control owners.
Complete program in one ZIP
Phases 1–2 included — 1_Foundation through 2C plus 3A–3D governance and evidence folders.
Reduce rework penalties
Structured handoff beats paying consultants to rebuild evidence indexes from scratch mid-audit.
What’s inside the ZIP
61 templates — foundation, implementation, governance, evidence, auditor handoff, and format samples
1 Foundation
Information Security Policy
Editable template with section-by-section guide at lintgrc.com/templates/information-security-policy-template/.
Access Control Policy
Editable template with section-by-section guide at lintgrc.com/templates/access-control-policy-template/.
Risk Management Policy
Editable template with section-by-section guide at lintgrc.com/templates/risk-management-policy-template/.
Data Retention and Deletion Policy
Editable template with section-by-section guide at lintgrc.com/templates/data-retention-deletion-policy-template/.
Organizational Chart Template
Editable template with section-by-section guide at lintgrc.com/templates/organizational-chart-template/.
SOC 2 Readiness Guide and Roadmap
Editable template with section-by-section guide at lintgrc.com/templates/soc-001-readiness-guide-and-roadmap/.
SOC 2 Scoping Questionnaire
Editable template with section-by-section guide at lintgrc.com/templates/soc-2-scoping-questionnaire/.
SOC 2 Control Scoping Worksheet
Editable template with section-by-section guide at lintgrc.com/templates/soc-2-control-scoping-worksheet/.
SOC 2 Readiness Scanner and Gap Analysis
Editable template with section-by-section guide at lintgrc.com/templates/soc-2-readiness-scanner-gap-analysis/.
SOC 2 System Description Workbook
Editable template with section-by-section guide at lintgrc.com/templates/soc-2-system-description-workbook/.
SOC 2 Project Plan Template
Editable template with section-by-section guide at lintgrc.com/templates/soc-2-project-plan-template/.
2A People and HR
Security Awareness Policy
Editable template with section-by-section guide at lintgrc.com/templates/security-awareness-policy-template/.
Employee Onboarding Checklist
Editable template with section-by-section guide at lintgrc.com/templates/employee-onboarding-checklist-template/.
Employee Offboarding Checklist and Log
Editable template with section-by-section guide at lintgrc.com/templates/employee-offboarding-checklist-template/.
Contractor and Vendor Onboarding Checklist
Editable template with section-by-section guide at lintgrc.com/templates/contractor-vendor-onboarding-checklist-template/.
Security Training Completion Log
Editable template with section-by-section guide at lintgrc.com/templates/security-training-completion-log-template/.
2B Policies and Admin
Incident Response Policy
Editable template with section-by-section guide at lintgrc.com/templates/incident-response-policy-template/.
Vendor Management Policy
Editable template with section-by-section guide at lintgrc.com/templates/vendor-management-policy-template/.
Data Classification Policy
Editable template with section-by-section guide at lintgrc.com/templates/data-classification-policy-template/.
Asset Management Policy
Editable template with section-by-section guide at lintgrc.com/templates/asset-management-policy-template/.
Acceptable Use and Remote Work Policy
Editable template with section-by-section guide at lintgrc.com/templates/acceptable-use-remote-work-policy-template/.
Physical Security Policy (Remote-First)
Editable template with section-by-section guide at lintgrc.com/templates/physical-security-policy-template/.
Document Control and Version Log
Editable template with section-by-section guide at lintgrc.com/templates/document-control-version-log-template/.
Risk Acceptance Form
Editable template with section-by-section guide at lintgrc.com/templates/risk-acceptance-form-template/.
2C Engineering and Ops
SDLC Standard
Editable template with section-by-section guide at lintgrc.com/templates/sdlc-standard-template/.
Logging and Monitoring Standard
Editable template with section-by-section guide at lintgrc.com/templates/logging-monitoring-standard-template/.
Authentication and MFA Standard
Editable template with section-by-section guide at lintgrc.com/templates/authentication-mfa-standard-template/.
User Access Review Procedure
Editable template with section-by-section guide at lintgrc.com/templates/user-access-review-procedure-template/.
Change Approval Workflow Guide
Editable template with section-by-section guide at lintgrc.com/templates/change-approval-workflow-guide-template/.
Code Review Checklist Template
Editable template with section-by-section guide at lintgrc.com/templates/code-review-checklist-template/.
Incident Log and Triaging Tracker
Editable template with section-by-section guide at lintgrc.com/templates/incident-log-triaging-tracker-template/.
Asset Inventory and Subprocessor Register
Editable template with section-by-section guide at lintgrc.com/templates/asset-inventory-subprocessor-register-template/.
Backup and Restore Testing Procedure
Editable template with section-by-section guide at lintgrc.com/templates/backup-restore-testing-procedure-template/.
Vulnerability Management Procedure
Editable template with section-by-section guide at lintgrc.com/templates/vulnerability-management-procedure-template/.
3A Governance
Policy Exception Log
Editable template with section-by-section guide at lintgrc.com/templates/policy-exception-log-template/.
Security Steering Committee Minutes
Editable template with section-by-section guide at lintgrc.com/templates/security-steering-committee-minutes-template/.
Quarterly Access Review Sign-Off
Editable template with section-by-section guide at lintgrc.com/templates/quarterly-access-review-sign-off-template/.
Risk Review Meeting Minutes
Editable template with section-by-section guide at lintgrc.com/templates/risk-review-meeting-minutes-template/.
Vendor Review Meeting Template
Editable template with section-by-section guide at lintgrc.com/templates/vendor-review-meeting-template/.
3B Evidence and Mapping
Evidence Index
Editable template with section-by-section guide at lintgrc.com/templates/evidence-index-template/.
Traceability Matrix
Editable template with section-by-section guide at lintgrc.com/templates/traceability-matrix-template/.
TSC Crosswalk
Editable template with section-by-section guide at lintgrc.com/templates/tsc-crosswalk-template/.
Control Ownership Matrix
Editable template with section-by-section guide at lintgrc.com/templates/control-ownership-matrix-template/.
Risk Register and Treatment Plan
Editable template with section-by-section guide at lintgrc.com/templates/risk-register-template/.
3C Auditor Handoff
Auditor Kickoff Package
Editable template with section-by-section guide at lintgrc.com/templates/auditor-kickoff-package-template/.
Bridge Letter Template
Editable template with section-by-section guide at lintgrc.com/templates/bridge-letter-template/.
Management Representation Letter
Editable template with section-by-section guide at lintgrc.com/templates/management-representation-letter-template/.
PBC Tracker (Evidence Request List)
Editable template with section-by-section guide at lintgrc.com/templates/pbc-tracker-template/.
Sample Audit RFP Response
Editable template with section-by-section guide at lintgrc.com/templates/auditor-rfp-response-template/.
Auditor Q&A Prep Sheet
Editable template with section-by-section guide at lintgrc.com/templates/auditor-qa-prep-sheet-template/.
3D Samples
Sample Completed Risk Register
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-risk-register/.
Sample Completed Risk Register
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-risk-register/.
Sample Completed Access Review
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-access-review/.
Sample Completed Access Review
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-access-review/.
Sample Completed Incident Report
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-incident-report/.
Sample Completed Incident Report
Editable template with section-by-section guide at lintgrc.com/templates/sample-completed-incident-report/.
Sample Vendor Review Minutes
Editable template with section-by-section guide at lintgrc.com/templates/sample-vendor-review-minutes/.
Sample Vendor Review Minutes
Editable template with section-by-section guide at lintgrc.com/templates/sample-vendor-review-minutes/.
Sample Evidence Package
Editable template with section-by-section guide at lintgrc.com/templates/sample-evidence-package/.
Sample Evidence Package
Editable template with section-by-section guide at lintgrc.com/templates/sample-evidence-package/.
5 Examples
Example Completed AI Risk Register
Editable template with section-by-section guide at lintgrc.com/templates/example-completed-ai-risk-register/.
Audits fail in the evidence room, not the policy room
Phase 3 is the auditor-facing layer — indexes, traceability, and handoff artifacts built on your Phase 1–2 control IDs.
Control → evidence mapping
SOC-022/023 tie each criterion to files your team already maintains from Phase 2.
PBC tracker built in
SOC-028 tracks prepared-by-client items with status — no last-minute spreadsheet invention.
Governance evidence
SOC-017–020 minutes and COR-015 support CC1/CC2 board and management oversight.
Samples are format-only
3D_Samples/ files show correct layout — clearly marked fictional; never submit to auditors.
Spreadsheet chaos vs. LintGRC Phase 3
Auditor handoff as a system, not a folder dump
One control ID language end-to-end
From SOC-003 scoping through SOC-024 owners to SOC-028 PBC rows.
SOC 2 Phase 3 Audit & Evidence Bundle
- Complete Phase 1 + Phase 2 kits in one ZIP
- 27 Phase 3 governance, evidence, and handoff templates
- SOC-SAMP-* format-only examples (do not submit)
- Risk register, evidence index, and PBC tracker
- Website guide for every template
- Instant download after purchase
Already own Phase 2? Add this phase for $400 →
Never submit 3D_Samples/ files to your auditor — format reference only. Expansion ZIP adds 3A–3D folders only — merge into your Phase 2 kit.
Frequently asked questions
Fictional examples (SOC-SAMP-01 through 05) that demonstrate correct evidence format. They are clearly labeled and must not be submitted as real audit evidence.
No. Phase 3 includes the full Phase 1 and Phase 2 folder trees inside the same ZIP.
Best when controls are operating and you are 4–12 weeks from audit fieldwork — evidence indexing and PBC tracking pay off in audit week.