Compliance template library

Every LintGRC template has a section-by-section guide on its own page — 83 guides across SOC 2 phase kits, Privacy Governance, and AI Governance. 5 include a free download; 6 are labeled example-only samples for format reference.


SOC 2 · Phase 1 — Scoping & readiness

11 guides
SOC 2 · Phase 1
Access Control Policy
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize access control policy template before audit and evidence collection.
SOC 2 · Phase 1
Data Retention and Deletion Policy
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize data retention policy template before audit and evidence collection.
SOC 2 · Phase 1
Information Security Policy
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize information security policy template before audit and evidence collection.
SOC 2 · Phase 1
Organizational Chart Template
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize organizational chart template before audit and evidence collection.
SOC 2 · Phase 1
Risk Management Policy
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize risk management policy template before audit and evidence collection.
SOC 2 · Phase 1
SOC 2 Control Scoping Worksheet
Section-by-section guide for the Excel in the SOC 2 Phase 1 toolkit. Customize SOC 2 control scoping worksheet before audit and evidence collection.
SOC 2 · Phase 1
SOC 2 Project Plan Template
51 sequenced tasks from kickoff through auditor handoff — with CSV export for your PM tool.
SOC 2 · Phase 1
SOC 2 Readiness Guide and Roadmap
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize SOC 2 readiness guide before audit and evidence collection.
SOC 2 · Phase 1 Free download
SOC 2 Readiness Scanner and Gap Analysis
Domain-level CC scoring (0–4), gap remediation log, and monthly trend history.
SOC 2 · Phase 1
SOC 2 Scoping Questionnaire
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize SOC 2 scoping questionnaire before audit and evidence collection.
SOC 2 · Phase 1
SOC 2 System Description Workbook
Section-by-section guide for the DOCX in the SOC 2 Phase 1 toolkit. Customize SOC 2 system description template before audit and evidence collection.

SOC 2 · Phase 2 — Policies & controls

23 guides
SOC 2 · Phase 2 Free download
Acceptable Use and Remote Work Policy
Device use, remote work, prohibited activities, and monitoring — for distributed teams pursuing SOC 2.
SOC 2 · Phase 2
Asset Inventory and Subprocessor Register
Cloud assets, endpoints, and subprocessors with owners and data classification.
SOC 2 · Phase 2
Asset Management Policy
Inventory, ownership, lifecycle, and secure disposal for laptops, cloud resources, and SaaS.
SOC 2 · Phase 2
Authentication and MFA Standard
Password rules, MFA coverage, SSO, and break-glass accounts — aligned to CC6.1.
SOC 2 · Phase 2
Backup and Restore Testing Procedure
Backup scope, restore tests, RTO/RPO, and evidence retention for CC7.5.
SOC 2 · Phase 2
Change Approval Workflow Guide
Emergency vs standard changes, approvals, testing, and rollback for production systems.
SOC 2 · Phase 2
Code Review Checklist Template
Security, testing, and approval checks before merge to protected branches.
SOC 2 · Phase 2
Contractor and Vendor Onboarding Checklist
Background checks, NDAs, least-privilege access, and vendor security requirements for contractors.
SOC 2 · Phase 2
Data Classification Policy
Labels, handling rules, and storage requirements for public, internal, confidential, and restricted data.
SOC 2 · Phase 2
Document Control and Version Log
Version history, owners, and review dates for every policy and standard in your SOC 2 program.
SOC 2 · Phase 2
Employee Offboarding Checklist and Log
Revoke access, recover assets, and log terminations in one workbook auditors can sample.
SOC 2 · Phase 2
Employee Onboarding Checklist
Provisioning, security training, and access approvals for new hires — aligned to SOC 2 CC1 and CC6.
SOC 2 · Phase 2
Incident Log and Triaging Tracker
Severity, timeline, containment, and closure fields for security events and drills.
SOC 2 · Phase 2
Incident Response Policy
Detection, escalation, containment, and post-incident review — mapped to SOC 2 CC7.
SOC 2 · Phase 2
Logging and Monitoring Standard
Log sources, retention, alerting, and review cadence for SOC 2 CC7.2.
SOC 2 · Phase 2
Physical Security Policy (Remote-First)
Home office, co-working, device storage, and visitor controls when you have no corporate datacenter.
SOC 2 · Phase 2
Risk Acceptance Form
Document management-approved exceptions when you cannot meet a control by the audit date.
SOC 2 · Phase 2
SDLC Standard
Requirements, design, build, test, and release controls for engineering teams — CC8 change management.
SOC 2 · Phase 2
Security Awareness Policy
Training requirements, phishing simulations, and acceptable use expectations for SOC 2 CC1.4.
SOC 2 · Phase 2
Security Training Completion Log
Track onboarding and annual security training completion for SOC 2 CC1.4 evidence.
SOC 2 · Phase 2
User Access Review Procedure
Quarterly access review matrix with approvers, exceptions, and remediation tracking.
SOC 2 · Phase 2
Vendor Management Policy
Due diligence, contracts, ongoing monitoring, and offboarding for subservice organizations.
SOC 2 · Phase 2
Vulnerability Management Procedure
Scanning cadence, SLAs by severity, patching, and exception handling.

SOC 2 · Phase 3 — Audit & evidence

21 guides
SOC 2 · Phase 3
Auditor Kickoff Package
Single DOCX handoff: scope, contacts, evidence repo, timeline, open issues.
SOC 2 · Phase 3 Free download
Auditor Q&A Prep Sheet
CC1–CC9 practice questions with evidence hints for control owners.
SOC 2 · Phase 3
Bridge Letter Template
Gap-period letter between prior SOC report end and current audit period.
SOC 2 · Phase 3
Control Ownership Matrix
Assign named owners and teams to each in-scope control.
SOC 2 · Phase 3
Evidence Index
Master index linking controls to evidence artifacts for auditor PBC requests.
SOC 2 · Phase 3
Management Representation Letter
Standard management assertions auditors require at engagement completion.
SOC 2 · Phase 3
PBC Tracker (Evidence Request List)
Track provided-by-client requests, owners, due dates, and evidence links.
SOC 2 · Phase 3
Policy Exception Log
Track policy and control exceptions with approvers, expiry, and compensating controls.
SOC 2 · Phase 3
Quarterly Access Review Sign-Off
Management attestation that quarterly access reviews were performed per SOC-010.
SOC 2 · Phase 3
Risk Register and Treatment Plan
Living risk register with scoring, treatment, and links to SOC-019 minutes.
SOC 2 · Phase 3
Risk Review Meeting Minutes
Quarterly risk committee minutes tied to SOC-030 risk register and COR-014 acceptances.
SOC 2 · Phase 3
Sample Audit RFP Response
Structured response when selecting a SOC 2 audit firm.
SOC 2 · Phase 3 Example only
Sample Completed Access Review
Illustrates Q1 access review tabs and sign-off summary — pair with SOC-010 for your real review.
SOC 2 · Phase 3 Example only
Sample Completed Incident Report
Phishing incident narrative with timeline and evidence references — model for SOC-013 rows.
SOC 2 · Phase 3 Example only
Sample Completed Risk Register
Fictional Acme Corp risk rows — shows formatting auditors expect from SOC-030.
SOC 2 · Phase 3 Example only
Sample Evidence Package
ZIP with manifest and sanitized exports — shows how to organize PBC-style evidence.
SOC 2 · Phase 3 Example only
Sample Vendor Review Minutes
Quarterly vendor committee example with subservice org notes for SOC-004 alignment.
SOC 2 · Phase 3
Security Steering Committee Minutes
Quarterly governance minutes with KPIs, decisions, and action items for SOC 2 CC1.2.
SOC 2 · Phase 3
Traceability Matrix
Map risks → controls → tests → evidence for audit traceability.
SOC 2 · Phase 3
TSC Crosswalk
Cross-reference Trust Services Criteria to your policies and control activities.
SOC 2 · Phase 3
Vendor Review Meeting Template
Structured vendor governance meeting aligned to COR-008 and SOC-014.

GDPR / CCPA — Privacy governance

9 guides
GDPR / CCPA
Consumer Rights Request Procedure
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize consumer rights request procedure before audit and evidence collection.
GDPR / CCPA
Cookie Consent Banner Text
Section-by-section guide for the TXT in the Privacy Governance toolkit. Customize cookie consent banner text before audit and evidence collection.
GDPR / CCPA
Data Processing Agreement (DPA)
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize data processing agreement template before audit and evidence collection.
GDPR / CCPA
Do Not Sell or Share Request Workflow
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize do not sell or share request workflow before audit and evidence collection.
GDPR / CCPA
DSAR Management Kit
Section-by-section guide for the Excel in the Privacy Governance toolkit. Customize DSAR management template before audit and evidence collection.
GDPR / CCPA
External Privacy Notice
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize privacy notice template before audit and evidence collection.
GDPR / CCPA
International Data Transfer Assessment
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize international data transfer assessment before audit and evidence collection.
GDPR / CCPA
Privacy Incident Assessment Worksheet
Section-by-section guide for the DOCX in the Privacy Governance toolkit. Customize privacy incident assessment worksheet before audit and evidence collection.
GDPR / CCPA
Record of Processing Activities (RoPA)
Section-by-section guide for the Excel in the Privacy Governance toolkit. Customize record of processing activities template before audit and evidence collection.

AI Governance

18 guides
AI Governance
Agentic AI Controls & HITL Matrix
Human-in-the-loop requirements by action type and risk tier for autonomous agents.
AI Governance
AI Data Classification & Ingestion Standard
Which data may enter prompts, RAG indexes, and training pipelines — mapped to your classification tiers.
AI Governance
AI Risk Register
Inherent/residual scoring, treatment plans, and incident-driven risk log for AI programs.
AI Governance
AI Risk Tiering & Classification Guide
Five-dimension scoring worksheet and Tier 1–4 control requirements before deployment.
AI Governance
AI Security Incident Response Playbook
AI-specific incident types, severity, playbooks for injection and agent runaway, and evidence preservation.
AI Governance
AI System Register & Inventory Ledger
Master inventory of every AI tool and production system with tier, owners, and compliance checklist.
AI Governance
AI Vendor Contracting & DPA Addendum
Contract clause checklist and AI-specific data processing addendum for model providers.
AI Governance
Customer-Facing AI Transparency Summary
Sales-ready Q&A on how you use AI, training data, vendors, and incident handling.
AI Governance Free download
DLP & Prompt Firewall Engine Rules
Machine-readable JSON rules plus human-readable spec for API gateway enforcement.
AI Governance
Employee AI Policy Acknowledgment Form
Per-employee sign-off after AI-001 training — evidence for audits and HR files.
AI Governance
Enterprise AI Acceptable Use Policy
Foundational workforce policy for approved tools, prohibited uses, and enforcement.
AI Governance Example only
Example Completed AI Risk Register
Acme Corp AI risks aligned to AI-006 sample systems — reference for AI-010 scoring.
AI Governance
Implementation & Organizational Rollout Playbook
Phased deployment, training plan, governance cadence, and program KPIs.
AI Governance
Model Change Management & Release Controls
C1–C4 change types, approvals, rollback, and audit trail for prompts and models.
AI Governance
Model Output Quality & Content Drift Standard
Quality dimensions, drift triggers, tier thresholds, and escalation workflow.
AI Governance
Prompt Engineering & Input Handling Guidelines
System prompts, injection prevention, RAG rules, and logging for production LLM apps.
AI Governance
Training Data Restrictions & IP Guardrails
What data may train or fine-tune models, licensing, synthetic data rules, and output ownership.
AI Governance
Vendor AI Security Intake Questionnaire
Procurement intake for AI SaaS and model APIs — data handling, subprocessors, and risk scoring.

Need the full template ZIPs?

SOC 2 phase kits, Privacy Governance, and AI Governance toolkits include every file plus matching guides.