We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:



Recent Blogs & Podcasts

Tools & Templates

\ Tools & Templates\ GRC


Our collection of tools, toolkits, templates, checklists, matrices and maps provides assistance for tackling specific InfoSec initiatives. Developed by industry experts, these materials offer step-by-step guidance on approaching and completing common tasks.

IANS Tools & Templates

November 27, 2018 | Privacy

 Personal Data Inventory Worksheet

When it comes to privacy, you can’t manage what you don’t know or hasn’t been defined. This worksheet helps determine the specific types of personal data collected, processed, stored or otherwise accessed within each business unit of an organization. 

Read More »

November 27, 2018 | Privacy

 Personal Data Flows Worksheet

When it comes to privacy, you can’t manage what you don’t know and has not been defined. This worksheet helps determine how an organization’s internal and external partners and other entities collect, process, store or otherwise access personal data. It also helps identify the security controls applied in each case to better clarify risks and uncover critical security gaps. 

Read More »

June 13, 2018 | Risk Management

 Risk Acceptance Template

This template for a risk acceptance memo is designed both to drive discussion, and provide an opportunity for business stakeholders (e.g., the system owner, business owner, etc.) to understand and perhaps even challenge the associated risk assumptions, constraints and calculations.

Read More »

April 30, 2018 | Privacy

 GDPR-Compliant Privacy Policy Template

This is a template for a very mature privacy policy that covers General Data Protection Regulation (GDPR) Articles 4, 9, 14, 17 and 30. It is designed to clearly communicate how much the company cares about data privacy, what kind of data it potentially handles and how users/customers can delete it. 

Read More »

February 1, 2018 | Risk Management

 IANS Risk Register Tool (Updated)

Building a Risk Register is a critical undertaking for organizations of all sizes, and there are a number of factors that contribute to its accuracy and success. This tool (updated to include the latest PCI DSS 3.2 requirements) offers a step-by-step guide for identifying risk and harm, calculating exposure and adopting appropriate security controls. 

Read More »

January 30, 2018 | Enterprise and IT Compliance Management

 IANS General Data Protection Regulation (GDPR) Checklist

With all the noise, panic and questions about the EU’s new General Data Protection Regulation (GDPR), it’s difficult to discern the right mix of policies, procedures and technologies to ensure compliance. This checklist helps prioritize the practical steps you can take today to ensure your organization is fully prepared when the ruling comes into full force this May.

Read More »

December 6, 2017 | Security Policies and Strategy

 M&A and Divestiture Security Checklists

These checklists are designed to be a guide to help information security professionals understand the M&A and divestiture processes end-to-end, identify the best places to inject security and determine to-do list items that must be addressed within the deal lifecycle. 

Read More »

November 13, 2017 | Enterprise and IT Compliance Management

 HIPAA Risk Assessment Template

The Health Insurance Portability and Accountability Act (HIPAA) Risk Assessment Template is designed to help organizations remain compliant with HIPAA. It describes a thorough risk analysis process organizations can take and identifies which supporting documents should be included as appendices.

Read More »

October 16, 2017 | Risk Management

 Employee Termination Checklist

Former employees at many organizations still have access to corporate applications after they leave their jobs. Even the most basic security missteps can leave an organization vulnerable to unauthorized access or breaches long after an employee leaves a job. This checklist offers information security best practices and actions to take when an employee leaves an organization.

Read More »