Governance Templates

Ready-to-use document templates for every policy, assessment, checklist, and report referenced across the 20 controls. Copy, customize, and implement.

DATA MODEL ASSURANCE GOVERNANCE INFRASTRUCTURE
DATA 2 templates
Data Classification Guide for AI Systems Procedure

Rules for classifying data before submission to AI tools, including AI-specific classification levels and decision matrices.
AI Interaction Data Retention Policy Policy

Defines retention periods, consent requirements, and deletion procedures for AI prompts, responses, and interaction metadata.
MODEL 1 templates
Prompt Injection Defense Checklist Checklist

Technical and process checks for securing AI inputs against prompt injection, jailbreaking, and related adversarial attacks.
ASSURANCE 2 templates
AI Red Team Playbook Procedure

Adversarial testing procedures for AI systems covering prompt injection, jailbreaking, data extraction, and agentic attack scenarios.
AI Incident Response Plan Procedure

Incident response procedures tailored for AI-specific incidents including model compromise, prompt injection exploitation, and data leakage through AI systems.
GOVERNANCE 3 templates
AI Acceptable Use Policy Policy

Defines approved AI tools, prohibited activities, and data handling rules for all personnel interacting with AI systems.
AI Deployment Validation Checklist Checklist

Pre-deployment gate checklist covering security, performance, bias, privacy, and rollback planning for AI systems.
AI Risk Self-Assessment Questionnaire Assessment

Periodic maturity and risk assessment questionnaire covering governance, data protection, model security, and operational monitoring of AI systems.
INFRASTRUCTURE 2 templates
AI Asset Inventory Register Register

Template for cataloging all AI assets across the organization including models, tools, integrations, and shadow AI discovery processes.
AI Vendor Security Evaluation Rubric Assessment

Scoring rubric for evaluating the security, transparency, and contractual posture of AI vendors and third-party AI services.