Templates for GRC teams
Reusable policy, questionnaire, and evidence structures for busy teams.
Vendor risk tiering template
A simple tiering model to decide which vendors need fast review, deep review, or ongoing monitoring.
Read articleSecurity questionnaire response template
A reusable structure for answering common buyer diligence questions with less copy-paste effort.
Read articleSOC 2 evidence matrix template
A simple way to track each control, its evidence source, owner, and review cadence before fieldwork starts.
Read articleGDPR vendor review questions for SaaS teams
A practical set of privacy-focused questions to ask subprocessors before approving them.
Read articleISO 27001 statement of applicability template
A lightweight way to document which Annex A controls apply, why they apply, and how they are implemented.
Read articleGDPR RoPA template for SaaS products
A practical structure for records of processing activities that product and compliance teams can maintain together.
Read articleHIPAA business associate review template
A review structure for third parties that can create, receive, maintain, or transmit PHI on your behalf.
Read articleTrust center content map
A simple framework for deciding what belongs in your trust center, what should be gated, and what should stay internal.
Read articleAudit request intake template
A lightweight template for capturing auditor requests, owners, due dates, and evidence status in one place.
Read article