SOC 2 Policy Pack — Core — 15 editable SOC 2 Trust Services Criteria document templates in Word and Excel
SOC 2 Trust Services Criteria · SaaS & technology companies

SOC 2 Policy Pack — Core

15 editable SOC 2 policies mapped to the Trust Services Criteria — the document set your auditor asks for first.

New to SOC 2 Trust Services Criteria? Read our SOC 2 Trust Services Criteria guide →

What's inside — 15 documents + 1 workbook

  1. Information Security Policy (.docx)
  2. Human Resources Security Policy (.docx)
  3. Risk Assessment Procedure (.docx)
  4. Vendor and Business Partner Management Policy (.docx)
  5. Access Control Policy (.docx)
  6. Data Classification and Handling Policy (.docx)
  7. Encryption and Key Management Policy (.docx)
  8. Vulnerability Management Procedure (.docx)
  9. Monitoring and Logging Policy (.docx)
  10. Security Incident Response Plan (.docx)
  11. Change Management Policy (.docx)
  12. Business Continuity and Disaster Recovery Plan (.docx)
  13. Data Retention and Disposal Policy (.docx)
  14. Security Awareness and Training Policy (.docx)
  15. AI Acceptable Use Policy (.docx)

Excel workbooks

  • SOC 2 TSC Control Mapping — all 38 criteria (Excel)

See the real content before you buy

We publish genuine excerpts — not marketing mockups. Read the opening sections of the Information Security Policy exactly as you'll receive it:

Read the free preview

Frequently asked questions

Which Trust Services Criteria does this SOC 2 toolkit cover?
The policies map to the AICPA Trust Services Criteria, with an Excel control-mapping workbook covering the Security (Common Criteria) set and supporting the Availability, Confidentiality, Processing Integrity and Privacy categories where they are in your audit scope.

Is this for a SOC 2 Type I or a Type II report?
Both. The documentation establishes the control environment a Type I examines at a point in time and a Type II examines over a period. You operate the controls; a licensed CPA firm performs the examination and issues the report.

Will buying this make us SOC 2 compliant?
SOC 2 is an independent CPA firm’s attestation, not something a document pack confers. This toolkit gives you the policy and evidence-mapping foundation auditors request first, so your readiness work is faster and far cheaper than starting from scratch.

What format are the files and how are they delivered?
Editable Microsoft Word (.docx) and Excel (.xlsx) files, delivered as an instant download immediately after checkout. Organization-specific values are amber [bracketed placeholders] you replace with find-and-replace.

What licence do I get?
A single-organization licence. If you are a consultant or MSP intending to reuse the documents across multiple clients, contact us first for a fair multi-client arrangement.

$59

Secure Stripe checkout · instant download · no account required

By completing your purchase you agree to our Terms & License and Privacy Policy.

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.