✅
Checklist
SOC 2 Readiness Checklist
SOC 2
SOC 2 Readiness Checklist
120-point gap analysis covering all five Trust Services Criteria — print, tick, share with your auditor.
Get checklist
Audit-Ready Tooling
Checklists & Templates
Battle-tested checklists, policies and spreadsheets you can fork today — built from hundreds of real audits and security programs.
12 resources
📋
Template
ISO 27001 Statement of Applicability (SoA) Template
ISO 27001
ISO 27001 Statement of Applicability (SoA) Template
Pre-filled Annex A control register — duplicate, justify inclusions/exclusions and ship to your auditor.
Get template🏥
Template
HIPAA Risk Analysis Template
HIPAA
HIPAA Risk Analysis Template
Structured Risk Analysis spreadsheet aligned to the OCR audit protocol with likelihood/impact scoring built in.
Get template🇪🇺
Template
GDPR Data Processing Agreement (DPA) Template
GDPR
GDPR Data Processing Agreement (DPA) Template
Article 28-compliant DPA you can send to processors — clauses for sub-processors, transfers and audit rights.
Get template🇮🇳
Checklist
India DPDP Act Compliance Checklist
DPDP
India DPDP Act Compliance Checklist
India’s Digital Personal Data Protection Act mapped to operational tasks — consent, notice, retention and SDF status.
Get checklist💳
Checklist
PCI DSS 4.0 Self-Assessment Checklist
PCI DSS
PCI DSS 4.0 Self-Assessment Checklist
All 12 PCI DSS requirements broken into actionable evidence asks for SAQ-D and Level 1 merchants.
Get checklist📊
Template
Enterprise Risk Register Template
Risk
Enterprise Risk Register Template
Heat-map driven risk register with treatment plans, owners and review dates — ready for your next risk committee.
Get template🤝
Template
Vendor Security Questionnaire (SIG-Lite)
Vendor Risk
Vendor Security Questionnaire (SIG-Lite)
A practical 60-question vendor due diligence questionnaire mapped to SOC 2, ISO 27001 and CIS controls.
Get template📜
Policy Pack
Information Security Policy Pack (15 policies)
Policies
Information Security Policy Pack (15 policies)
Audit-ready policies — Access Control, Change Mgmt, Incident Response, BCP/DR, Secure SDLC and more.
Get policy pack🚨
Playbook
Incident Response Playbook (Ransomware)
Incident
Incident Response Playbook (Ransomware)
Hour-by-hour playbook for the first 72 hours of a ransomware incident — with RACI and comms templates.
Get playbook☁️
Checklist
AWS Security Baseline Checklist
Cloud
AWS Security Baseline Checklist
Hardening checklist for AWS Org, IAM, S3, EC2, RDS, VPC, GuardDuty & SecurityHub — mapped to CIS & SOC 2.
Get checklist⚙️
Template
Secure SDLC Threat Model Template
Engineering
Secure SDLC Threat Model Template
STRIDE-based threat-model template engineers use during design review — abuse cases, mitigations, sign-off.
Get templateNo resources match your search.
Want a resource we haven’t published?
Tell us what you’re working on and we’ll send back the right kit, template or expert call.
Talk to an advisor