Project template
A SOC 2 Type II audit plan that runs the cycle from auditor selection and scoping through control mapping, evidence collection, fieldwork, and a report you can share with customers.
Overview
A SOC 2 Type II audit is a multi-month program with real dependencies. A plan keeps scoping, control mapping, the ninety-day evidence window, and fieldwork in the right order so the audit does not stall.
This template is the built-in SOC 2 Type II starter project in Atlas. It ships with the milestones a compliance owner runs and a RAID log seeded with the risks that surface mid-audit, such as control gaps and an expired sub-service organization report.
Because it is a live Atlas project, the long evidence window and the customer-facing distribution of the final report sit on one record, so the audit is auditable itself.
What is included
Milestones to select an auditor, sign the statement of work, and scope the trust service criteria.
A step to map the control matrix so the audit knows exactly what will be tested.
A milestone for the ninety-plus-day evidence collection period that Type II requires.
Milestones for completing fieldwork, issuing the report, and distributing it to customers.
Risks such as control gaps found mid-fieldwork and an expired vendor SOC 2, ready to adapt.
How to use it
Create a new project at /projects and apply the SOC 2 Type II starter template.
Complete the auditor and scoping milestones so the trust service criteria are agreed.
Track the ninety-day evidence window with tasks and owners so nothing is missed at fieldwork.
Complete fieldwork, issue the report, and distribute it to customers under the final milestone.
FAQ
Ready when you are
Atlas is the all-in-one work OS - tasks, projects, CRM, contracts, HR, and automation on one shared record, with a governed AI assistant. Start free.