Collect access-review evidence for my audit
Screenshots and records reconciled against your tracker, with every gap flagged
Help me collect access-review evidence for our [SOC 2 or ISO 27001] audit. Work through my evidence tracker [sheet link] — each row names a control and the system to check. For Google Workspace: open the Admin console and capture user lists, admin role assignments, and 2FA enforcement status. For GitHub: capture org members, team permissions, and branch protection settings on [key repos]. Take a screenshot of each piece of evidence exactly as an auditor would want to see it, with the date visible, and note where each screenshot is saved. Reconcile what you find against the tracker: mark controls satisfied, and flag gaps explicitly — offboarded people still holding access, admin roles without justification, repos missing protections. Update tracker rows with status, evidence location, and notes. Don't change any settings anywhere — this is evidence collection only. Finish with a gap list ordered by how bad each would look in the audit.