Free compliance & security resources
Templates, checklists, and guides you can download and use immediately.
SOC 2 Policy Templates
19 policy and operational templates that can be directly uploaded to Vanta, Drata, or similar GRC platforms. Includes all the tweaks we learned to make them better suited for startups.
What Causes SOC 2 Exceptions
A detailed breakdown of the operational and technical controls that most commonly cause SOC 2 audit exceptions, with practical advice on how to avoid them.
ISO 27001 Policy Templates
3 foundational templates for implementing an ISO 27001 ISMS. Can be directly uploaded to Vanta, Drata, or similar GRC platforms.
SOC 2 and ISO 27001 Scope
A reference document explaining what "scope" means in SOC 2 and ISO 27001, with examples of which systems, personnel, and infrastructure are in and out of scope.
GDPR Policy Templates
3 templates for GDPR compliance. Can be directly uploaded to Vanta, Drata, or similar GRC platforms.
Vanta Risk Register Template
A pre-populated SOC 2 baseline risk register spreadsheet that can be uploaded directly into Vanta as-is.
Employee Onboarding/Offboarding Checklist
A spreadsheet checklist with all the onboarding and offboarding items that need to be tracked for SOC 2, plus a role-based access matrix.
AI Governance Policy Template
A fill-in-the-blank template for an internal AI governance policy.
Marketing Terms Related to Security
A list of short, accurate descriptions of common security controls you can use on your website, in sales materials, or in RFP responses.
How to Answer Security Questionnaires (with AI Prompt)
A guide on how to approach security questionnaires from prospective customers, plus a ready-to-use AI system prompt for drafting responses.
Security & IT 101 for Seed Companies [All Free, Bare Minimum]
7 free ways for startups to improve IT & security: 2FA, secure Google accounts, separate cloud environments, GitHub rules, email protections, and MDM setup.