4 files changed, 77 insertions, 0 deletions
diff --git a/templates/audit/access-review.org b/templates/audit/access-review.org
new file mode 100644
index 0000000..955f183
--- /dev/null
+++ b/templates/audit/access-review.org
@@ -0,0 +1,24 @@
+#+TITLE: Access Review Report
+#+DATE: %<%Y-%m-%d>
+#+FILETAGS: :audit:access:
+
+* System/Service
+- Name:
+- Owner:
+- Review Period: Q%<%m> %<%Y>
+
+* Purpose of Review
+Why access is being reviewed.
+
+* Current Access List
+| User      | Role        | Last Login     | Justification        |
+|-----------+-------------+----------------+-----------------------|
+| jdoe      | admin       | 2025-05-30     | Required for prod ops |
+
+* Changes Required
+- [ ] Revoke access for user `abc`
+- [ ] Review access policy
+
+* Reviewer
+- Name:
+- Date:
+\ No newline at end of file
diff --git a/templates/audit/audit-checklist.org b/templates/audit/audit-checklist.org
new file mode 100644
index 0000000..d17b14d
--- /dev/null
+++ b/templates/audit/audit-checklist.org
@@ -0,0 +1,18 @@
+#+TITLE: IT Audit Checklist
+#+FILETAGS: :audit:checklist:
+
+* Audit Area: [Security / Operations / Data Protection]
+
+* Checklist
+- [ ] Access controls documented
+- [ ] Change management procedures in place
+- [ ] Logging and monitoring enabled
+- [ ] Incident response plan exists
+- [ ] Backups verified and tested
+- [ ] Data retention policy followed
+- [ ] Vendor risk assessments updated
+
+* Notes
+
+* Evidence Reference
+- [Link to document or file path]
+\ No newline at end of file
diff --git a/templates/audit/evidence-log.org b/templates/audit/evidence-log.org
new file mode 100644
index 0000000..52d9b76
--- /dev/null
+++ b/templates/audit/evidence-log.org
@@ -0,0 +1,15 @@
+#+TITLE: Audit Evidence Log
+#+FILETAGS: :audit:evidence:
+
+* Audit Scope
+- Audit Type: Internal / External
+- Period: Q%<%m> %<%Y>
+
+* Evidence Items
+| Item             | Description                        | Location                 | Verified By |
+|------------------+------------------------------------+--------------------------+-------------|
+| Access logs      | System login audit trail           | /var/log/auth.log        | auditor1    |
+| Backup reports   | Weekly backup success reports      | backup_reports/          | auditor2    |
+| Change tickets   | Jira change tickets for Q2         | jira.example.com/project | it-lead     |
+
+* Notes
+\ No newline at end of file
diff --git a/templates/audit/policy-review.org b/templates/audit/policy-review.org
new file mode 100644
index 0000000..f67f844
--- /dev/null
+++ b/templates/audit/policy-review.org
@@ -0,0 +1,20 @@
+#+TITLE: IT Policy Review Record
+#+FILETAGS: :audit:policy:
+
+* Policy Name:
+- Version:
+- Owner:
+- Review Date: %<%Y-%m-%d>
+
+* Summary of Changes
+- Clarified access escalation rules
+- Updated acceptable use policy
+
+* Review Outcome
+- [X] Approved
+- [ ] Rejected
+- [ ] Needs revision
+
+* Reviewer Comments
+
+* Next Review Due:
+\ No newline at end of file