Assemble a complete audit evidence pack for [Standard_Name] covering the audit period [AuditPeriod]. Map controls to [ControlIDs] and the current policy version [PolicyVersion]. Identify evidence sources (access logs, approval tickets, inventory records, CCTV pull lists) and sampling strategy. Define reviewer workflow for [ReviewerRole] sign-off and evidence retention.
Output format:
Evidence index (Markdown table): Control | Evidence Type | System | Owner | Location | Retention.
Sampling plan (Markdown): Population | Sample Size | Selection Method | Rationale.
Auditor Q&A brief (bulleted) with anticipated questions and pre-approved answers.
Gap log (Markdown table): Gap | Impact | Remediation | Due Date | Owner.
Attestation statement template (Markdown).
Ensure traceability between request IDs, approvals, badge IDs, and door events; include redaction guidance for PII minimisation.