ISO 27001 + SOC 2 Dual Toolkit — 47 editable ISO 27001:2022 + SOC 2 document templates in Word and Excel
ISO 27001:2022 + SOC 2 · Companies pursuing both frameworks

ISO 27001 + SOC 2 Dual Toolkit

47 documents covering both frameworks plus a control crosswalk, risk register, Statement of Applicability and TSC mapping — run one security program, pass two audits.


What's inside — 47 documents + 4 workbooks

  1. ISO 27001 to SOC 2 Control Crosswalk Guide (.docx)
  2. Information Security Policy (.docx)
  3. Information Security Roles and Responsibilities (.docx)
  4. Risk Assessment and Treatment Procedure (.docx)
  5. Acceptable Use Policy (.docx)
  6. Access Control Policy (.docx)
  7. Asset Management and Information Classification Policy (.docx)
  8. Cryptographic Controls Policy (.docx)
  9. Physical and Environmental Security Policy (.docx)
  10. Human Resources Security Policy (.docx)
  11. Remote Working and Mobile Device Policy (.docx)
  12. Supplier and Cloud Services Security Policy (.docx)
  13. Information Security Incident Response Procedure (.docx)
  14. Business Continuity and ICT Readiness Plan (.docx)
  15. Backup and Recovery Policy (.docx)
  16. Logging and Monitoring Policy (.docx)
  17. Vulnerability and Patch Management Procedure (.docx)
  18. Change Management Procedure (.docx)
  19. Secure Development Policy (.docx)
  20. Data Retention and Secure Disposal Policy (.docx)
  21. Privacy and PII Protection Policy (.docx)
  22. Security Awareness and Training Procedure (.docx)
  23. ISMS Internal Audit Procedure (.docx)
  24. Management Review Procedure (.docx)
  25. AI Acceptable Use Policy (.docx)
  26. Information Security Policy (.docx)
  27. Code of Conduct and Ethics Policy (.docx)
  28. Governance and Organizational Structure Policy (.docx)
  29. Human Resources Security Policy (.docx)
  30. Risk Assessment Procedure (.docx)
  31. Vendor and Business Partner Management Policy (.docx)
  32. Access Control Policy (.docx)
  33. Physical Security Policy (.docx)
  34. Data Classification and Handling Policy (.docx)
  35. Encryption and Key Management Policy (.docx)
  36. Network and Endpoint Security Policy (.docx)
  37. Vulnerability Management Procedure (.docx)
  38. Monitoring and Logging Policy (.docx)
  39. Security Incident Response Plan (.docx)
  40. Change Management Policy (.docx)
  41. Secure Software Development Policy (.docx)
  42. Business Continuity and Disaster Recovery Plan (.docx)
  43. Availability and Capacity Management Policy (.docx)
  44. Data Retention and Disposal Policy (.docx)
  45. Security Awareness and Training Policy (.docx)
  46. Communication and Information Policy (.docx)
  47. AI Acceptable Use Policy (.docx)

Excel workbooks

  • Risk Register (Excel)
  • Statement of Applicability — all 93 Annex A controls (Excel)
  • SOC 2 TSC Control Mapping — all 38 criteria (Excel)
  • Audit Evidence Checklist (Excel)

See the real content before you buy

We publish genuine excerpts — not marketing mockups. Read the opening sections of the ISO 27001 to SOC 2 Control Crosswalk Guide exactly as you'll receive it:

Read the free preview

Frequently asked questions

Can one set of documents really cover both ISO 27001 and SOC 2?
Yes. The bundle includes a control crosswalk so a single control activity produces evidence acceptable to both an ISO 27001 certification auditor and a SOC 2 service auditor, and ships with both a 93-control Statement of Applicability and a Trust Services Criteria mapping.
Will this bundle make us certified or attested?
No. ISO 27001 certification (accredited body) and a SOC 2 report (licensed CPA firm) each require their own audit. The bundle gives you one documented program built to satisfy both, which is where most of the time and cost otherwise goes.
Is it cheaper than buying the two toolkits separately?
Yes — the dual toolkit is priced below the two standalone toolkits combined and removes the duplicate, conflicting documentation you would otherwise maintain across two programs.
What format are the files and how are they delivered?
Editable Microsoft Word (.docx) and Excel (.xlsx) files, delivered as an instant download immediately after checkout. Organization-specific values are amber [bracketed placeholders] you replace with find-and-replace.
What licence do I get?
A single-organization licence. If you are a consultant or MSP intending to reuse the documents across multiple clients, contact us first for a fair multi-client arrangement.
$149


Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.