SKYE Standard
Skyes Over London LC
SS-SOC2-001 Companion Pack

SOC 2 posture enforcement artifacts for the SKYE Standard: Checklist, Evidence Index, Scorecard, and Exception Form.

SKYE Definition: SOC 2 posture is the provable state of readiness showing controls are designed, operating, and backed by continuously retrievable evidence. This site is the SS-SOC2-001 Companion Pack—built to make enforcement consistent across teams and geographies.
Standard: SS-SOC2-001
Companion Docs: 001A–001D
Owner: Skyes Over London LC, Security & Trust Office
Mode: Local-only (no backend)

Use the Checklist to capture implementation status. Use the Evidence Index as the receipts binder. Use the Scorecard to standardize posture level decisions. Use the Exception Form to allow time-bound gaps without lying to ourselves.

  • Production Gate: Systems handling client data must be Level 2 minimum (or have approved exceptions for any mandatory gaps).
  • High-Risk Gate: High-risk systems must be Level 3 sustained with cadences current.
  • Evidence Rule: If proof cannot be produced quickly, the control is treated as non-operational.
PDFs included: The branded PDFs are embedded in /pdfs so the download buttons work immediately after deployment.
Recommended flow: Checklist → Evidence Index → Scorecard → Exceptions (as needed)
Storage: All edits save to this device via browser localStorage.
Export: Each doc page exports JSON/CSV for posture submissions.
Print: Use “Print / Save as PDF” for a clean printable copy.

SS-SOC2-001A — Checklist

Mandatory controls + applicable modules. Track status and export JSON.

SS-SOC2-001B — Evidence Index

Receipts binder template. Add records and export CSV/JSON.

SS-SOC2-001C — Posture Scorecard

Domain scoring 0–5, auto-fail gates, and SKYE tier mapping.

SS-SOC2-001D — Exception Form

Time-bound posture exceptions with risk statement and remediation plan.

SKYE Enforcement Summary

| Rule | Meaning | Enforced by |
|---|---|---|
| Level 2 minimum for client data | Mandatory domains average ≥3 and no mandatory domain <3; no auto-fail gates. | Scorecard + Evidence Index |
| Exceptions must be time-bound | No permanent waivers. Every gap has an end date, remediation owner, and validation method. | Exception Form |
| Evidence Rule | If proof cannot be produced quickly, treat the control as non-operational until evidence exists. | Evidence Index |
| High-risk systems target Level 3 | Sustained cadence, minimal exceptions, full-period evidence, and quarterly reviews current. | Scorecard + Checklist |