Policy Templates

149 governance starting configurations across industries, use cases, and compliance frameworks. Choose a template, customize it, validate it, and deploy it through a supported gateway profile.

Compliance & Audit

Regulatory and audit-oriented templates for public accountability, sovereignty, and defensible AI operations.

SOC 2 Type I

SOC 2 Type I template for point-in-time design effectiveness against the AICPA Trust Services Criteria.

GlobalFrameworkType 1
View details

SOC 2 Type II

SOC 2 Type II template for operating effectiveness across the AICPA Trust Services Criteria.

GlobalFrameworkType 2
View details

ISO/IEC 27001

ISO/IEC 27001 template for ISMS, supplier assurance, continuity, and cloud privacy controls.

GlobalFrameworkCertification-oriented controls
View details

ISO/IEC 42001

ISO/IEC 42001 template for AI governance, risk treatment, oversight, and data quality.

GlobalFrameworkCertification-oriented controls
View details

GDPR (Data Controller)

GDPR controller template for lawful basis, transparency, data subject rights, and breach obligations.

EUFramework
View details

GDPR (Data Processor)

GDPR processor template for Article 28 security, sub-processor, and audit support obligations.

EUFramework
View details

UK GDPR

UK GDPR template for UK personal-data transparency, rights handling, and breach reporting.

UKFramework
View details

CCPA / CPRA

CCPA / CPRA template for California privacy notices, consumer rights, opt-out controls, and ADMT readiness.

USFramework
View details

LGPD (Brazil)

LGPD template for Brazilian lawful-basis, rights, and ANPD breach-reporting obligations.

BRFramework
View details

HIPAA (Covered Entity)

HIPAA covered-entity template for PHI safeguards, access control, auditing, and breach notification.

USFramework
View details

HIPAA (Business Associate)

HIPAA business-associate template for BAA, subcontractor, and PHI security obligations.

USFramework
View details

HITECH

HITECH template for PHI breach notification, direct BA liability, and encryption-focused safeguards.

USFramework
View details

PCI DSS v4.0.1

PCI DSS v4.0.1 template for cardholder-data security, testing, and change control.

GlobalFrameworkLevel 1
View details

GLBA (Gramm-Leach-Bliley)

GLBA template for privacy notices, safeguards, risk management, and incident response.

USFramework
View details

SOX ITGC

SOX ITGC template for access, change, operations, and segregation-of-duties controls.

USFramework
View details

SEC/FINRA Books & Records

SEC/FINRA template for WORM retention, supervision, and controlled access to records.

USFramework
View details

FedRAMP Moderate

FedRAMP Moderate template for NIST 800-53 cloud controls and continuous monitoring.

USFrameworkModerate
View details

FedRAMP High

FedRAMP High template for high-impact federal cloud security, media, and physical controls.

USFrameworkHigh
View details

NIST SP 800-53 Moderate

NIST 800-53 Moderate template for assessed federal security controls at FIPS 199 moderate impact.

USFrameworkModerate
View details

NIST AI RMF

NIST AI RMF template for trustworthy AI governance, data quality, oversight, and risk treatment.

GlobalFramework
View details

CJIS Security Policy

CJIS template for CJI authentication, personnel, media, physical, and audit controls.

USFramework
View details

NIS2 Directive

NIS2 template for EU cyber risk management, continuity, crisis, and incident reporting.

EUFramework
View details

DORA

DORA template for EU financial ICT risk, resilience testing, continuity, and third-party oversight.

EUFramework
View details

FDA 21 CFR Part 11

FDA 21 CFR Part 11 template for validation, audit trail, access, and electronic-signature controls.

USFramework
View details

GxP / GMP Annex 11

GxP / GMP Annex 11 template for validation, ALCOA+ integrity, backup, and supplier controls.

EUGlobalFramework
View details

TISAX

TISAX template for automotive information security, prototype protection, and data classification.

EUGlobalFramework
View details

ISO 26262

ISO 26262 template for automotive functional safety, V&V, and safety-analysis controls.

GlobalFrameworkAsil D
View details

NERC CIP

NERC CIP template for BES cyber access, recovery, and supply-chain security controls.

USFramework
View details

MAS TRM

MAS TRM template for Singapore ICT risk, continuity, data management, and AI risk-management controls.

SGFramework
View details

APRA CPS 234

APRA CPS 234 template for information-security capability, testing, risk, and incident obligations.

AUFramework
View details

Industry-Specific

Curated starter templates for common regulated industries and high-risk operational workflows.

Finance

Financial services template for PCI-aware redaction, MNPI suppression, supervisory disclaimers, and auditable AI operations.

USEUGlobal
View details

Healthcare (US — HIPAA)

HIPAA-aligned governance starter for US healthcare organizations using AI systems with PHI; validate configuration and non-gateway safeguards before use.

US
View details

Healthcare (EU — GDPR)

Starter control mapping for GDPR Article 9 health-data handling and EU AI Act risk-management considerations in European healthcare AI.

EUEEAUK
View details

Healthcare

Global healthcare AI governance starter for health-data protection, clinical safety, and regulatory control mapping across jurisdictions.

GlobalUSEU+3
View details

Legal

Legal template for privilege preservation, unauthorized-practice controls, citation reliability, and defensible audit records.

USEUGlobal
View details

Defense (US)

US defense and intelligence governance starter mapping configurable controls to ITAR/EAR, NIST 800-53, and DoD AI ethics considerations.

US
View details

Defense (EU)

EU defense governance starter for configurable dual-use controls, sanctions screening, and human review of mission-impacting AI outputs.

EU
View details

China Export Controls

Template for PRC export-control, data-sovereignty, state-secrets, and politically sensitive content governance.

ChinaGlobal
View details

Government

US federal government template mapping configurable controls to FedRAMP, FISMA, OMB M-25-21, and evidence-heavy human oversight for public-sector AI use.

US
View details

EU AI Act Compliance

Compliance-oriented template for EU AI Act risk classification, transparency, conformity assessment, and human oversight.

EU
View details

Education

Education template for K-12 and higher education with FERPA-first privacy, child safety, and bias controls.

USEUGlobal
View details

HR / Recruitment

HR and recruitment template for anti-discrimination, automated decision fairness, and auditable human review.

USEUGlobal
View details

Justice System

Justice system template for due process, algorithmic fairness, and strong judicial override.

USEUGlobal
View details

Law Enforcement

Law enforcement template for CJIS-aligned privacy, constitutional safeguards, and bias-sensitive oversight.

USEUGlobal
View details

Consumer

Consumer-facing template for privacy minimization, abuse prevention, safety controls, and consent-aware AI interactions.

USEUGlobal
View details

Startups

Startup governance starter with configurable baseline data-protection, abuse-prevention, and audit controls.

Global
View details

Small & Medium Business

Balanced governance template for SMBs that need practical controls for confidentiality, employee data, and oversight.

Global
View details

Critical Infrastructure

Template for OT/ICS-heavy critical infrastructure with strict human control, anti-probing defenses, and safety-preserving AI restrictions.

USEU
View details

Automotive

Safety-critical automotive template for connected vehicles, functional safety evidence, and restrictive engineering workflows.

EUUSGlobal
View details

Zero Data Retention

Privacy-focused template that routes only to targets marked by the operator as zero-retention and adds local defense-in-depth safeguards. Verify provider terms and account settings before production use.

USEUGlobal
View details

Finance & Professional Services

Governed starters for finance, legal, consulting, and other professional-services teams handling sensitive decisions and records.

Accounting Audit

Accounting-review controls for sensitive financial data, a configurable human-oversight point, and audit evidence.

USEUGlobal
View details

Asset Management

Asset-management controls for confidential client data, market-sensitive content, and a configurable human-oversight point.

USEUGlobal
View details

Insurance Claims

Insurance-claims controls for claimant privacy, financial content, a configurable human-oversight point, and traceable decisions.

USEUGlobal
View details

Insurance Underwriting

Underwriting controls for protected applicant data, a configurable human-oversight point for recommendations, and decision evidence.

USEUGlobal
View details

Payment Processing

Payment-workflow controls for card data, transfer instructions, a configurable human-oversight point, and audit records.

USEUGlobal
View details

Credit Scoring

Credit-analysis controls for applicant privacy, a configurable human-oversight point for fairness-sensitive decisions, financial guidance, and evidence.

USEUGlobal
View details

Mortgage Processing

Mortgage-processing controls for borrower data, regulated documents, a configurable human-oversight point, and auditability.

USEUGlobal
View details

RegTech Reporting

Regulatory-reporting controls for protected records, a configurable human-oversight point for financial output, and traceable review.

USEUGlobal
View details

Wealth Management

Wealth-management controls for client privacy, market-sensitive content, a configurable human-oversight point for advice, and records.

USEUGlobal
View details

Open Banking

Open-banking controls for payment data, sensitive instructions, a configurable human-oversight point, and traceability.

EUUKGlobal
View details

Attorney-Client Privilege

Privilege-focused controls for confidential matters, citation checks, a configurable human-oversight point, and audit evidence.

USEUGlobal
View details

Contract Review

Contract-review controls for confidential terms, source checking, a configurable human-oversight point, and traceability.

USEUGlobal
View details

eDiscovery

eDiscovery controls for privileged material, sealed records, citation checks, and a configurable human-oversight point for evidence.

USEUGlobal
View details

Consulting Firm

Consulting-workflow controls for client confidentiality, access, output quality, and audit records.

Global
View details

Patent Research

Patent-research controls for confidential inventions, citation checks, a configurable human-oversight point, and evidence.

USEUGlobal
View details

Tax Advisory

Tax-advisory controls for protected records, citation checks, a configurable human-oversight point, and traceability.

USEUGlobal
View details

Architecture & Engineering IP

Engineering-IP controls for restricted designs, client privacy, a configurable human-oversight point, and auditability.

Global
View details

Management Consulting

Management-consulting controls for confidential engagements, access, output quality, and records.

Global
View details

Forensic Accounting

Forensic-accounting controls for sensitive evidence, financial content, a configurable human-oversight point for findings, and records.

USEUGlobal
View details

Compliance Advisory

Compliance-advisory controls for protected client material, a configurable human-oversight point for guidance, and traceable evidence.

Global
View details

Healthcare & Life Sciences

Healthcare, clinical, research, and life-sciences templates with privacy, safety, and human-oversight controls.

Clinical Decision Support

Clinical decision-support controls for PHI, citation checks, a configurable human-oversight point, and audit evidence.

USEUGlobal
View details

Telehealth

Telehealth controls for PHI, an RBAC configuration point, citation checks, and a configurable human-oversight point.

USEUGlobal
View details

Medical Records Summarization

Medical-summary controls for PHI, citation checks, a configurable human-oversight point, and traceability.

USEUGlobal
View details

Mental Health

Mental-health controls for highly sensitive records, citation checks, a configurable human-oversight point, and evidence.

USEUGlobal
View details

Clinical Trials

Clinical-trial controls for participant data, citation checks, a configurable human-oversight point, and records.

USEUGlobal
View details

Genomics Research

Genomics-research controls for sensitive data, an RBAC configuration point, citation checks, and a configurable human-oversight point.

USEUGlobal
View details

Medical Device

Medical-device controls for protected data, citation checks, a configurable human-oversight point, and traceability.

USEUGlobal
View details

Radiology

Radiology controls for imaging-related PHI, citation checks, a configurable human-oversight point, and evidence.

USEUGlobal
View details

Laboratory Diagnostics

Laboratory-diagnostic controls for PHI, citation checks, a configurable human-oversight point, and records.

USEUGlobal
View details

Pharmaceutical R&D

Pharmaceutical R&D controls for protected research data, citation checks, a configurable human-oversight point, and traceability.

USEUGlobal
View details

Technology & Platforms

Platform, developer, and internal-product templates focused on tool governance, secure development, and operational discipline.

SaaS Platforms

SaaS-platform controls for customer data, secrets, agent tools, a configurable human-oversight point, and evidence.

Global
View details

Developer Tools

Developer-tool controls for credentials, generated code, tool use, a configurable human-oversight point, and auditability.

Global
View details

Cloud Providers

Cloud-operations controls for sensitive data, restricted agent tools, a configurable human-oversight point, and evidence.

Global
View details

Cybersecurity Products

Security-product controls for credentials, code safety, tool analysis, a configurable human-oversight point, and records.

Global
View details

Data Analytics

Analytics controls for personal data, secrets, agent tools, output quality, and traceability.

Global
View details

Gaming

Gaming controls for player privacy, unreleased content, citation and default safety keyword checks, and a configurable human-oversight point.

Global
View details

EdTech

EdTech controls for student data, default safety keyword and citation checks, and configurable bias-monitor and human-oversight policy points.

USGlobal
View details

MarTech

MarTech controls for audience data, credentials, agent tools, a configurable human-oversight point, and evidence.

Global
View details

Enterprise Copilot

Enterprise-copilot controls for internal data, agent actions, a configurable human-oversight point, and traceability.

Global
View details

IoT Platform

IoT-platform controls for device data, credentials, agent tools, a configurable human-oversight point, and records.

Global
View details

Industrial & Manufacturing

Operational templates for manufacturing, industrial systems, and safety-sensitive deployment environments.

Aerospace Manufacturing

Aerospace controls for sensitive designs, default safety keyword filtering, a configurable human-oversight point, and production evidence.

Global
View details

Chemical Industry

Chemical-process controls for restricted plant data, default safety keyword filtering, a configurable human-oversight point, and evidence.

Global
View details

Electronics Manufacturing

Electronics-manufacturing controls for protected designs, default safety keyword filtering, quality scoring, and records.

Global
View details

Food & Beverage

Food-production controls for restricted operations data, default safety keyword filtering, quality scoring, and traceability.

Global
View details

Energy Sector

Energy-sector controls for operational data, default safety keyword filtering, a configurable human-oversight point, and audit evidence.

Global
View details

Construction

Construction controls for protected plans, default safety keyword filtering, a configurable human-oversight point, and records.

Global
View details

Precision Agriculture

Precision-agriculture controls for operational data, default safety keyword filtering, a configurable human-oversight point for actions, and evidence.

Global
View details

Mining Operations

Mining controls for restricted site data, default safety keyword filtering, a configurable human-oversight point, and records.

Global
View details

Industrial Robotics

Industrial-robotics controls for protected systems, default safety keyword filtering, a configurable human-oversight point, and traceability.

Global
View details

Transportation & Logistics

Templates for transportation, fleet, logistics, and cross-border operational workflows.