Policy Templates
54 pre-built governance configurations for every industry and compliance framework. Pick a template, customize it, and deploy in minutes.
Canonical Frameworks
ISO 27001, SOC 2, HIPAA, GDPR, and other regulation-specific compliance frameworks with structured evidence, control domains, and assurance levels.
SOC 2 Type I
Point-in-time SOC 2 readiness with Trust Services Criteria controls.
SOC 2 Type II
Continuous SOC 2 compliance with change management and risk controls.
ISO/IEC 27001
International information security management system standard.
ISO/IEC 42001
AI management system standard for responsible AI governance.
GDPR (Data Controller)
EU data-controller obligations — consent, data rights, and breach notification.
GDPR (Data Processor)
EU data-processor obligations — DPAs, subprocessor management, and logging.
UK GDPR
UK data-protection framework post-Brexit — ICO-aligned.
CCPA / CPRA
California consumer privacy rights — opt-out, data-sale restrictions, and ADMT.
LGPD (Brazil)
Brazil's General Data Protection Law — ANPD-aligned.
HIPAA (Covered Entity)
HIPAA compliance for healthcare providers and health plans.
HIPAA (Business Associate)
HIPAA compliance for business associates and subcontractors.
HITECH
HITECH Act breach notification and enhanced enforcement for health IT.
PCI DSS v4.0
Payment card industry security for AI systems handling cardholder data.
GLBA (Gramm-Leach-Bliley)
Financial privacy and safeguards for banks, insurers, and securities firms.
SOX ITGC
Sarbanes-Oxley IT general controls for financial reporting systems.
SEC/FINRA Books & Records
Securities communication archiving and supervision requirements.
FedRAMP Moderate
FedRAMP Moderate authorization for cloud AI serving federal agencies.
FedRAMP High
FedRAMP High authorization for sensitive government AI workloads.
NIST SP 800-53 Moderate
Federal information system security controls at the Moderate impact level.
NIST AI RMF
AI risk management framework for trustworthy and responsible AI.
CJIS Security Policy
FBI CJIS security controls for criminal justice information systems.
NIS2 Directive
EU network and information security for essential and important entities.
DORA
EU digital operational resilience for financial institutions.
FDA 21 CFR Part 11
FDA electronic records and signatures for life-sciences AI.
GxP / GMP Annex 11
EU pharmaceutical and life-sciences computerized system validation.
TISAX
Automotive information security assessment for supply-chain partners.
ISO 26262
Automotive functional safety for AI in safety-critical vehicle systems.
NERC CIP
Critical infrastructure protection for the North American bulk electric system.
MAS TRM
Singapore financial technology risk management guidelines.
APRA CPS 234
Australian prudential information security for regulated financial entities.
Industry-Specific
Finance, healthcare, legal, defense, and more — with domain-tailored policy rules and guardrails.
Finance
Pre-configured guardrails for financial services AI, covering SOX, PCI-DSS, and Basel III.
Healthcare (US — HIPAA)
HIPAA-aligned AI policy for US healthcare providers and covered entities.
Healthcare (EU — GDPR)
GDPR-compliant healthcare AI with Article 9 special-category data protections.
Healthcare
Global healthcare AI governance aligned to WHO and ICD-11 standards.
Legal
AI policy for law firms — privilege detection, ethical guardrails, and audit trails.
Defense (US)
ITAR/EAR-compliant AI controls for US defense and national security organizations.
Defense (EU)
EU defense AI governance with dual-use export controls and NATO alignment.
Government
FedRAMP and FISMA-aligned AI policy for US federal agencies.
Education
FERPA and COPPA-compliant AI policy for K-12 and higher education.
HR / Recruitment
Anti-bias and EEOC-aligned AI controls for hiring and workforce management.
Justice System
Due-process-aligned AI governance for courts, corrections, and judicial analytics.
Law Enforcement
CJIS-aligned AI policy for police departments and public-safety agencies.
Consumer
FTC-aligned AI safety controls for consumer-facing applications.
Critical Infrastructure
NIST CSF 2.0 and NIS2-aligned AI controls for utilities, energy, and transport.
Automotive
ISO 26262 and UNECE WP.29-aligned AI governance for vehicle systems.
Compliance & Audit
EU AI Act, export controls, data-residency, and data-minimization frameworks.
China Export Controls
PRC export control, PIPL, and data sovereignty compliance for AI.
EU AI Act Compliance
Full EU AI Act (2024/1689) compliance framework with transparency and oversight controls.
Zero Data Retention
Enforces no-log, no-cache AI operation for maximum data minimization.
Output Quality
Prompt-injection defense, citation verification, agent firewalls, and quality benchmarking.
Agent Firewall
Real-time tool-call inspection and action blocking for autonomous AI agents.
Prompt Injection Detection
Detects and blocks prompt-injection attacks in real time.
Citation Verification
Validates AI-generated citations and references against source material.
Quality Benchmarking
Continuous quality scoring and regression detection for AI outputs.
Cost & Efficiency
Lightweight governance for startups and SMBs — fast to deploy, easy to grow.
Can't find the right template?
Start from any template and customize it, or build a policy from scratch in the configuration editor.