IT Health check

Pen Test Reports

Information Security Policy

Change Management Policy

Incident Response/management Policy

Acceptable Use policy

Risk Management Policy/Framework

Asset Inventories (Hardware and Software)

Access Control Policy

SOC Handbook/Playbook

Infrastructure and/or Architecture Diagrams

Supplier/Third-Party Policies and also a definitive list of relevant suppliers and/or dependencies (Especially in cloud environment)

External or internal audit Reports

SOC Training Materials – Onboarding a new staff member.

Third-Party Connections register – Do you have any IT suppliers directly connected to your network? Is that captured in a list/register?

Applicable Legislations Register – a summarised list of what laws/regulations/standards they are subject to.

Any other documentation