Track and manage compliance evidence
| Title | Linked Control | Frameworks | Type | Last Reviewed | Next Review | Status | Owner | |
|---|---|---|---|---|---|---|---|---|
| Information Security Policy v2.3 | A.5.1 | ISO 27001SOC 2 | Policy | 3 Jan 2026 | 3 Jan 2027 | Current | CISO | |
| Data Classification Policy v2.1 | A.5.12 | ISO 27001GDPR | Policy | 5 Jan 2026 | 5 Jan 2027 | Current | DPO | |
| Access Control Procedure v3.0 | A.5.15 | ISO 27001 | Procedure | 12 Nov 2025 | 12 Nov 2026 | Current | IT Ops | |
| Privilege Access Review Q4 2025 | A.8.2 | ISO 27001SOC 2 | Review Record | 15 Dec 2025 | 15 Mar 2026 | Overdue | IT Ops | |
| Security Awareness Training 2025 Completion | A.6.3 | ISO 27001 | Training Record | 30 Jun 2025 | 30 Jun 2026 | Current | HR Dept | |
| Penetration Test Report External 2025 | A.8.8 | ISO 27001SOC 2 | Test Report | 14 Aug 2025 | 14 Aug 2026 | Current | CTO | |
| Data Centre Physical Security Checklist Q1 | A.7.1 | ISO 27001 | Checklist | 1 Oct 2025 | 1 Apr 2026 | Overdue | Facilities | |
| Vendor Risk Assessment — Cloud Provider | A.5.23 | ISO 27001GDPR | Assessment | 20 Dec 2025 | 20 Dec 2026 | Current | Procurement | |
| Incident Response Procedure v1.5 | A.5.26 | ISO 27001SOC 2 | Procedure | 8 Feb 2025 | 8 Feb 2026 | Due Soon | CISO | |
| Business Continuity Plan v3.1 | A.5.29 | ISO 27001 | Plan | 15 Mar 2025 | 15 Mar 2026 | Due Soon | COO | |
| GDPR Data Protection Impact Assessment | A.5.34 | GDPR | Assessment | 10 Feb 2026 | 10 Feb 2027 | Current | DPO | |
| Cryptography Policy v1.2 | A.8.24 | ISO 27001 | Policy | 22 Jan 2026 | 22 Jan 2027 | Current | CTO |