Free Resources

Templates & checklists for owners and managers.

Free, vertical-specific tools you can actually use — drafted by the team that runs the security operations behind them. Drop your work email and they unlock immediately.

Auto Dealerships

FTC Safeguards Rule WISP Template — for Auto Dealerships

A written information security programme (WISP) template aligned to all nine FTC Safeguards Rule elements. Fill in the blanks, sign at the bottom, file it. Drafted for franchise dealerships and independent dealers.

  • Covers all 9 required FTC Safeguards elements
  • Plain-English template language you can adapt and adopt
  • Evidence checklist for each section — what to keep on file
  • Drafted for dealership realities — DMS, F&I, customer credit data
Get the template
Insurance Agencies

NAIC Model Law WISP Template — for Independent Insurance Agencies

A written information security programme (WISP) template aligned to the NAIC Insurance Data Security Model Law. Fill in the blanks, sign, file with your annual certification. Drafted for independent agencies, MGAs, and wholesale brokers.

  • Aligned to every NAIC Model Law control family
  • 72-hour Cybersecurity Event notification workflow built in
  • Evidence checklist for each section — what regulators and E&O carriers expect
  • Drafted for agency realities — AMS, carrier portals, commission flows, wholesalers
Get the template
Iowa Insurance Agencies

Iowa Insurance Data Security Act WISP Checklist — for Iowa Agencies

A plain-English readiness checklist mapped to the Iowa Insurance Data Security Act (Iowa Code Ch. 507F) — the exemption thresholds, every required control, and the evidence to keep on file. Built for independent agencies in Des Moines and across Iowa.

  • Starts with the Iowa exemption thresholds — does the Act even apply to you?
  • Yes/no readiness checks for all 10 Ch. 507F control areas
  • Evidence checklist for each — what the Iowa Insurance Division expects
  • Drafted for Iowa agency realities — AMS, carrier portals, commission flows
Get the template
Healthcare Practices

HIPAA Risk-Analysis Worksheet — for Medical & Dental Practices

The fillable risk-analysis worksheet OCR actually wants — ePHI inventory, threat-vulnerability mapping, likelihood and impact ratings, mitigation tracking, and a 9-step self-audit. Built for small and mid-size medical, dental, and specialty practices.

  • Built for §164.308(a)(1)(ii)(A) — OCR's most-cited deficiency
  • ePHI-location inventory pre-populated for typical practices
  • Threat → vulnerability → likelihood → impact → rating tables
  • 9-step OCR self-audit and Security Official sign-off block
Get the template
Healthcare Practices

HIPAA Business Associate Agreement Checklist & Vendor Tracker

Verify any vendor's BAA against the required elements (45 CFR 164.504(e)) before you sign, and track every business associate so a current BAA is always on file. Points to HHS's official sample language.

  • Required-elements checklist — catch missing subcontractor flow-down & breach timelines
  • Vendor / business-associate inventory and BAA-status tracker
  • Cloud-provider BAA notes (Microsoft 365, Google, Dropbox, AWS)
  • Pointer to HHS's official sample BAA — plus a review sign-off block
Get the template
Healthcare & Vendors

HIPAA Business Associate Agreement (BAA) Template

A plain-English, fillable business associate agreement covering all eight elements required by 45 CFR 164.504(e) — permitted uses, safeguards, breach reporting, subcontractor flow-down, individual rights, and return/destruction. Fill in the parties, set your timelines, have counsel review, and sign.

  • All 8 required BAA elements under 45 CFR 164.504(e)
  • Fill-in party, date, and reporting-timeline fields
  • Subcontractor flow-down & return/destruction clauses built in
  • Signature block — counsel-review-ready starting point
Get the template
Tax Preparers & Accounting Firms

IRS Pub 4557 Security Six + FTC WISP Checklist — for Tax Preparers

The Security Six controls plus the nine FTC Safeguards WISP elements, in one fillable checklist. PTIN-renewal-ready attestation language, IRS Stakeholder Liaison contacts, and evidence checklists for every control. Drafted for solo preparers through 50-staff firms.

  • Covers IRS Pub 4557 Security Six AND all 9 FTC Safeguards WISP elements
  • PTIN-renewal attestation language ready to use
  • Tax-season risk register and incident-response contact table
  • Evidence checklist for every control — what to keep on file
Get the template
Veterinary Practices

Veterinary Practice Cyber-Readiness Checklist — PIMS & Insurer-Ready

A PIMS-ransomware-resistant baseline, the verification procedure that stops fake-distributor-invoice fraud, and a cyber-insurance questionnaire prep sheet in one fillable checklist. Built for practices without an IT department.

  • 8-control PIMS-ransomware-resistant baseline (Cornerstone, AVImark, ezyVet, ImproMed)
  • Distributor-invoice-fraud verification procedure and log
  • Cyber-insurer questionnaire prep across 6 control areas
  • Practice-owner sign-off and tabletop review log
Get the template
Emergency Response

Cyber Incident Response Card (Single-Page Emergency Reference)

A printable single-page emergency card — first steps, what NOT to do, key-contact slots to fill in, triage questions, and notification-window reminders. Designed for the first hour of an incident, when reading anything longer isn't happening.

  • First 5 things to do (isolate, document, alert, call carrier)
  • First 5 things NOT to do (don't pay, don't reboot, don't go off-panel)
  • 10 pre-filled contact slots — carrier, IR firm, breach counsel, backup vendor, MSSP, etc.
  • Notification windows reference (HIPAA, NAIC, SEC, GDPR, state laws)
Get the template
CMMC · DoD Subcontractors

CMMC Self-Assessment Worksheet (Level 1 + Level 2)

Fillable worksheet covering all 15 Level 1 practices with evidence prompts plus a Level 2 family-by-family SPRS scoring template. Print and complete, or import into your document management system.

  • All 15 FAR 52.204-21 Level 1 practices with FAR citations
  • Evidence prompts and notes fields for each practice
  • Level 2 family-by-family SPRS scoring template (110 controls)
  • Senior-official attestation block and legal-disclaimer footer
Get the template
Real Estate & Title

Real-Estate Closing Wire-Fraud Verification Procedure

The five-stage wire-fraud kill-chain controls, a printable buyer-side verification script, the brokerage / title-agency control stack, and ALTA Best Practices Pillar 3 attestation prompts for title agencies — in one adopted procedure.

  • Controls mapped to every stage of the 5-stage wire-fraud kill chain
  • Printable buyer-side verification script with red flags and IC3 reporting
  • 9-control brokerage and title-agency stack
  • ALTA Best Practices Pillar 3 attestation prompts for title agencies
Get the template
All Businesses

Incident Response Plan Template

A fillable incident response plan for SMBs — team roster, severity levels, the six IR phases, a notification matrix (insurer, counsel, regulators, clients), evidence-preservation rules, and a post-incident review with a test log.

  • IR team roster and out-of-band contacts
  • SEV-1 to SEV-3 severity levels with examples
  • The 6 phases: prepare, detect, contain, eradicate, recover, review
  • Notification matrix + evidence-preservation do-not-do rules
Get the template
All Businesses

AI Acceptable-Use Policy Template

A plain-English AI acceptable-use policy for SMBs — approved tools, the data that must never go into public AI, human-review requirements, a new-tool request process, and an employee acknowledgment page.

  • Approved-tools list you fill in for your firm
  • The data that must never go into public AI
  • Human-review, disclosure, and prohibited-use rules
  • Employee acknowledgment & sign-off page
Get the template
Cyber Insurance

Cyber-Insurance Readiness Worksheet

Self-score the controls carriers actually require, prep the renewal questionnaire, check your coverage line by line, and spot the gaps that get claims denied — all before the underwriter does.

  • 14-control readiness checklist with Yes / Partial / No scoring
  • The questions carrier applications now ask — with prep space
  • Coverage checklist (BEC, extortion, business interruption, and more)
  • The gaps that get claims denied, plus a readiness score
Get the template
All Businesses

Small-Business Cybersecurity Checklist

A fillable baseline across the eight areas that matter most for a small business — identity, devices, email, backups, network, cloud, monitoring, and governance. Score each item, add up your maturity, and see what to fix first.

  • Eight domains, ~35 controls, Done / Partial / No scoring
  • Mostly free or already in tools you pay for
  • Built-in maturity score with priority next steps
  • Proof for insurers, client questionnaires, or your own peace of mind
Get the template

More templates and checklists in development — accounting, healthcare, insurance, veterinary, and real estate.

Want help operating the controls behind these templates?

Free 30-minute assessment — we map your environment to the gaps and hand you a one-page roadmap. No sales pressure.

Get Free Assessment