Policy Templates
149 governance starting configurations across industries, use cases, and compliance frameworks. Choose a template, customize it, validate it, and deploy it through a supported gateway profile.
Template library
Find a starting point
Showing all 149 templates
Browse the full governance configuration library or narrow it by region and focus area.
Compliance & Audit
Regulatory and audit-oriented templates for public accountability, sovereignty, and defensible AI operations.
SOC 2 Type I
SOC 2 Type I template for point-in-time design effectiveness against the AICPA Trust Services Criteria.
SOC 2 Type II
SOC 2 Type II template for operating effectiveness across the AICPA Trust Services Criteria.
ISO/IEC 27001
ISO/IEC 27001 template for ISMS, supplier assurance, continuity, and cloud privacy controls.
ISO/IEC 42001
ISO/IEC 42001 template for AI governance, risk treatment, oversight, and data quality.
GDPR (Data Controller)
GDPR controller template for lawful basis, transparency, data subject rights, and breach obligations.
GDPR (Data Processor)
GDPR processor template for Article 28 security, sub-processor, and audit support obligations.
UK GDPR
UK GDPR template for UK personal-data transparency, rights handling, and breach reporting.
CCPA / CPRA
CCPA / CPRA template for California privacy notices, consumer rights, opt-out controls, and ADMT readiness.
LGPD (Brazil)
LGPD template for Brazilian lawful-basis, rights, and ANPD breach-reporting obligations.
HIPAA (Covered Entity)
HIPAA covered-entity template for PHI safeguards, access control, auditing, and breach notification.
HIPAA (Business Associate)
HIPAA business-associate template for BAA, subcontractor, and PHI security obligations.
HITECH
HITECH template for PHI breach notification, direct BA liability, and encryption-focused safeguards.
PCI DSS v4.0.1
PCI DSS v4.0.1 template for cardholder-data security, testing, and change control.
GLBA (Gramm-Leach-Bliley)
GLBA template for privacy notices, safeguards, risk management, and incident response.
SOX ITGC
SOX ITGC template for access, change, operations, and segregation-of-duties controls.
SEC/FINRA Books & Records
SEC/FINRA template for WORM retention, supervision, and controlled access to records.
FedRAMP Moderate
FedRAMP Moderate template for NIST 800-53 cloud controls and continuous monitoring.
FedRAMP High
FedRAMP High template for high-impact federal cloud security, media, and physical controls.
NIST SP 800-53 Moderate
NIST 800-53 Moderate template for assessed federal security controls at FIPS 199 moderate impact.
NIST AI RMF
NIST AI RMF template for trustworthy AI governance, data quality, oversight, and risk treatment.
CJIS Security Policy
CJIS template for CJI authentication, personnel, media, physical, and audit controls.
NIS2 Directive
NIS2 template for EU cyber risk management, continuity, crisis, and incident reporting.
DORA
DORA template for EU financial ICT risk, resilience testing, continuity, and third-party oversight.
FDA 21 CFR Part 11
FDA 21 CFR Part 11 template for validation, audit trail, access, and electronic-signature controls.
GxP / GMP Annex 11
GxP / GMP Annex 11 template for validation, ALCOA+ integrity, backup, and supplier controls.
TISAX
TISAX template for automotive information security, prototype protection, and data classification.
ISO 26262
ISO 26262 template for automotive functional safety, V&V, and safety-analysis controls.
NERC CIP
NERC CIP template for BES cyber access, recovery, and supply-chain security controls.
MAS TRM
MAS TRM template for Singapore ICT risk, continuity, data management, and AI risk-management controls.
APRA CPS 234
APRA CPS 234 template for information-security capability, testing, risk, and incident obligations.
Industry-Specific
Curated starter templates for common regulated industries and high-risk operational workflows.
Finance
Financial services template for PCI-aware redaction, MNPI suppression, supervisory disclaimers, and auditable AI operations.
Healthcare (US — HIPAA)
HIPAA-aligned governance starter for US healthcare organizations using AI systems with PHI; validate configuration and non-gateway safeguards before use.
Healthcare (EU — GDPR)
Starter control mapping for GDPR Article 9 health-data handling and EU AI Act risk-management considerations in European healthcare AI.
Healthcare
Global healthcare AI governance starter for health-data protection, clinical safety, and regulatory control mapping across jurisdictions.
Legal
Legal template for privilege preservation, unauthorized-practice controls, citation reliability, and defensible audit records.
Defense (US)
US defense and intelligence governance starter mapping configurable controls to ITAR/EAR, NIST 800-53, and DoD AI ethics considerations.
Defense (EU)
EU defense governance starter for configurable dual-use controls, sanctions screening, and human review of mission-impacting AI outputs.
China Export Controls
Template for PRC export-control, data-sovereignty, state-secrets, and politically sensitive content governance.
Government
US federal government template mapping configurable controls to FedRAMP, FISMA, OMB M-25-21, and evidence-heavy human oversight for public-sector AI use.
EU AI Act Compliance
Compliance-oriented template for EU AI Act risk classification, transparency, conformity assessment, and human oversight.
Education
Education template for K-12 and higher education with FERPA-first privacy, child safety, and bias controls.
HR / Recruitment
HR and recruitment template for anti-discrimination, automated decision fairness, and auditable human review.
Justice System
Justice system template for due process, algorithmic fairness, and strong judicial override.
Law Enforcement
Law enforcement template for CJIS-aligned privacy, constitutional safeguards, and bias-sensitive oversight.
Consumer
Consumer-facing template for privacy minimization, abuse prevention, safety controls, and consent-aware AI interactions.
Startups
Startup governance starter with configurable baseline data-protection, abuse-prevention, and audit controls.
Small & Medium Business
Balanced governance template for SMBs that need practical controls for confidentiality, employee data, and oversight.
Critical Infrastructure
Template for OT/ICS-heavy critical infrastructure with strict human control, anti-probing defenses, and safety-preserving AI restrictions.
Automotive
Safety-critical automotive template for connected vehicles, functional safety evidence, and restrictive engineering workflows.
Zero Data Retention
Privacy-focused template that routes only to targets marked by the operator as zero-retention and adds local defense-in-depth safeguards. Verify provider terms and account settings before production use.
Finance & Professional Services
Governed starters for finance, legal, consulting, and other professional-services teams handling sensitive decisions and records.
Accounting Audit
Accounting-review controls for sensitive financial data, a configurable human-oversight point, and audit evidence.
Asset Management
Asset-management controls for confidential client data, market-sensitive content, and a configurable human-oversight point.
Insurance Claims
Insurance-claims controls for claimant privacy, financial content, a configurable human-oversight point, and traceable decisions.
Insurance Underwriting
Underwriting controls for protected applicant data, a configurable human-oversight point for recommendations, and decision evidence.
Payment Processing
Payment-workflow controls for card data, transfer instructions, a configurable human-oversight point, and audit records.
Credit Scoring
Credit-analysis controls for applicant privacy, a configurable human-oversight point for fairness-sensitive decisions, financial guidance, and evidence.
Mortgage Processing
Mortgage-processing controls for borrower data, regulated documents, a configurable human-oversight point, and auditability.
RegTech Reporting
Regulatory-reporting controls for protected records, a configurable human-oversight point for financial output, and traceable review.
Wealth Management
Wealth-management controls for client privacy, market-sensitive content, a configurable human-oversight point for advice, and records.
Open Banking
Open-banking controls for payment data, sensitive instructions, a configurable human-oversight point, and traceability.
Attorney-Client Privilege
Privilege-focused controls for confidential matters, citation checks, a configurable human-oversight point, and audit evidence.
Contract Review
Contract-review controls for confidential terms, source checking, a configurable human-oversight point, and traceability.
eDiscovery
eDiscovery controls for privileged material, sealed records, citation checks, and a configurable human-oversight point for evidence.
Consulting Firm
Consulting-workflow controls for client confidentiality, access, output quality, and audit records.
Patent Research
Patent-research controls for confidential inventions, citation checks, a configurable human-oversight point, and evidence.
Tax Advisory
Tax-advisory controls for protected records, citation checks, a configurable human-oversight point, and traceability.
Architecture & Engineering IP
Engineering-IP controls for restricted designs, client privacy, a configurable human-oversight point, and auditability.
Management Consulting
Management-consulting controls for confidential engagements, access, output quality, and records.
Forensic Accounting
Forensic-accounting controls for sensitive evidence, financial content, a configurable human-oversight point for findings, and records.
Compliance Advisory
Compliance-advisory controls for protected client material, a configurable human-oversight point for guidance, and traceable evidence.
Healthcare & Life Sciences
Healthcare, clinical, research, and life-sciences templates with privacy, safety, and human-oversight controls.
Clinical Decision Support
Clinical decision-support controls for PHI, citation checks, a configurable human-oversight point, and audit evidence.
Telehealth
Telehealth controls for PHI, an RBAC configuration point, citation checks, and a configurable human-oversight point.
Medical Records Summarization
Medical-summary controls for PHI, citation checks, a configurable human-oversight point, and traceability.
Mental Health
Mental-health controls for highly sensitive records, citation checks, a configurable human-oversight point, and evidence.
Clinical Trials
Clinical-trial controls for participant data, citation checks, a configurable human-oversight point, and records.
Genomics Research
Genomics-research controls for sensitive data, an RBAC configuration point, citation checks, and a configurable human-oversight point.
Medical Device
Medical-device controls for protected data, citation checks, a configurable human-oversight point, and traceability.
Radiology
Radiology controls for imaging-related PHI, citation checks, a configurable human-oversight point, and evidence.
Laboratory Diagnostics
Laboratory-diagnostic controls for PHI, citation checks, a configurable human-oversight point, and records.
Pharmaceutical R&D
Pharmaceutical R&D controls for protected research data, citation checks, a configurable human-oversight point, and traceability.
Education
Education-focused templates for student data, assessment integrity, and age-appropriate safety controls.
University
University controls for student privacy, default safety keyword and citation checks, and configurable bias-monitor and human-oversight policy points.
Student Assessment
Assessment controls for generic personal data, citation checks, and configurable bias-monitor and human-oversight policy points.
Public Sector & Security
Public-sector, mission-sensitive, and security-oriented templates with attributed access, privacy, and review checkpoints.
Public Sector Procurement
Public-procurement controls for restricted data, citation checks, and configurable bias-monitor and human-oversight policy points.
Citizen Services
Citizen-service controls for protected records, citation checks, and configurable bias-monitor and human-oversight policy points.
Enterprise Data Compartmentalization
Compartmented-data controls for restricted content, an RBAC configuration point, citation checks, and traceability.
Cybersecurity Operations
Security-operations controls for restricted data, citation checks, a configurable human-oversight point, and incident evidence.
Tax Authority
Tax-authority controls for taxpayer records, an RBAC configuration point, a configurable human-oversight point, and audit evidence.
Social Services
Social-service controls for beneficiary privacy, citation checks, and configurable bias-monitor and human-oversight policy points.
Emergency Management
Emergency-management controls for sensitive incident data, citation checks, a configurable human-oversight point, and records.
Technology & Platforms
Platform, developer, and internal-product templates focused on tool governance, secure development, and operational discipline.
SaaS Platforms
SaaS-platform controls for customer data, secrets, agent tools, a configurable human-oversight point, and evidence.
Developer Tools
Developer-tool controls for credentials, generated code, tool use, a configurable human-oversight point, and auditability.
Cloud Providers
Cloud-operations controls for sensitive data, restricted agent tools, a configurable human-oversight point, and evidence.
Cybersecurity Products
Security-product controls for credentials, code safety, tool analysis, a configurable human-oversight point, and records.
Data Analytics
Analytics controls for personal data, secrets, agent tools, output quality, and traceability.
Gaming
Gaming controls for player privacy, unreleased content, citation and default safety keyword checks, and a configurable human-oversight point.
EdTech
EdTech controls for student data, default safety keyword and citation checks, and configurable bias-monitor and human-oversight policy points.
MarTech
MarTech controls for audience data, credentials, agent tools, a configurable human-oversight point, and evidence.
Enterprise Copilot
Enterprise-copilot controls for internal data, agent actions, a configurable human-oversight point, and traceability.
IoT Platform
IoT-platform controls for device data, credentials, agent tools, a configurable human-oversight point, and records.
Media & Creative
Media, publishing, and creative-workflow templates with rights-sensitive controls, citation checks, and safety screening.
Publishing
Publishing controls for personal data, rights-sensitive material, citation checks, and a configurable human-oversight point.
Film & TV Production
Film and TV controls for confidential productions, rights material, citation checks, and a configurable human-oversight point.
News Media
Newsroom controls for protected sources, citation quality, editorial workflows with a configurable human-oversight point, and correction evidence.
Advertising
Advertising controls for audience privacy, citation and default safety keyword checks, disclosure workflows, and a configurable human-oversight point.
Streaming Platform
Streaming-platform controls for subscriber data, protected content, citation checks, and a configurable human-oversight point.
Music Industry
Music-workflow controls for personal data, rights agreements, citation checks, and a configurable human-oversight point.
Event Management
Event controls for attendee data, rights-sensitive content, citation and default safety keyword checks, and a configurable human-oversight point.
Governance & Operations
Templates for organization-wide governance programs, registries, disclosure workflows, and operational oversight.
Third-Party AI Risk
Third-party AI controls for vendor evidence, protected data, citation checks, a configurable human-oversight point, and traceability.
Model Governance Registry
Model-registry controls for governed records, citation checks, a configurable human-oversight point, and auditability.
AI Disclosure & Transparency
AI-disclosure controls for protected data, citation checks, a configurable human-oversight point, and transparency evidence.
Shadow AI Discovery
Shadow-AI review controls for protected findings, citation checks, a configurable human-oversight point, and traceability.
AI Procurement Review Board
AI-procurement controls for vendor evidence, restricted data, a configurable human-oversight point, and records.
Acceptable Use & Model Access
Model-access controls for protected data, citation checks, an RBAC configuration point, and a configurable human-oversight point.
Record Retention & Audit Evidence
Evidence-collection controls for protected records, citation checks, configurable RBAC and human-oversight points, and audit policy events.
Industrial & Manufacturing
Operational templates for manufacturing, industrial systems, and safety-sensitive deployment environments.
Aerospace Manufacturing
Aerospace controls for sensitive designs, default safety keyword filtering, a configurable human-oversight point, and production evidence.
Chemical Industry
Chemical-process controls for restricted plant data, default safety keyword filtering, a configurable human-oversight point, and evidence.
Electronics Manufacturing
Electronics-manufacturing controls for protected designs, default safety keyword filtering, quality scoring, and records.
Food & Beverage
Food-production controls for restricted operations data, default safety keyword filtering, quality scoring, and traceability.
Energy Sector
Energy-sector controls for operational data, default safety keyword filtering, a configurable human-oversight point, and audit evidence.
Construction
Construction controls for protected plans, default safety keyword filtering, a configurable human-oversight point, and records.
Precision Agriculture
Precision-agriculture controls for operational data, default safety keyword filtering, a configurable human-oversight point for actions, and evidence.
Mining Operations
Mining controls for restricted site data, default safety keyword filtering, a configurable human-oversight point, and records.
Industrial Robotics
Industrial-robotics controls for protected systems, default safety keyword filtering, a configurable human-oversight point, and traceability.
Transportation & Logistics
Templates for transportation, fleet, logistics, and cross-border operational workflows.
Supply Chain
Supply-chain controls for restricted logistics data, default safety keyword filtering, a configurable human-oversight point, and traceability.
Aviation
Aviation controls for restricted operational data, default safety keyword filtering, a configurable human-oversight point, and evidence.
Maritime
Maritime controls for vessel and port data, default safety keyword filtering, a configurable human-oversight point, and traceability.
Rail Operations
Rail controls for operational systems, default safety keyword filtering, a configurable human-oversight point, and records.
Last-Mile Delivery
Last-mile controls for logistics data, default safety keyword filtering, a configurable human-oversight point, and evidence.
Fleet Management
Fleet controls for vehicle data, default safety keyword filtering, a configurable human-oversight point, and traceable decisions.
Warehouse Automation
Warehouse controls for automation data, default safety keyword filtering, a configurable human-oversight point, and records.
Public Transit
Public-transit controls for restricted operations data, default safety keyword filtering, a configurable human-oversight point, and evidence.
Freight Multimodal
Freight controls for cross-mode logistics data, default safety keyword filtering, a configurable human-oversight point, and traceability.
Retail & Commerce
Retail and commerce templates for customer data handling, transactional safety, and consumer-facing AI workflows.
E-commerce
E-commerce controls for customer and payment-token data, default safety keyword filtering, quality, and records.
Retail Customer Service
Retail-service controls for customer privacy, payment-token data, default safety keyword filtering, and traceability.
Dynamic Pricing
Dynamic-pricing controls for personal data, citation checks, and configurable bias-monitor and human-oversight policy points.
Luxury Retail
Luxury-retail controls for client privacy, payment-token data, default safety keyword filtering, and records.
Marketplace
Marketplace controls for participant privacy, payment-token data, default safety keyword filtering, and traceability.
Property & Hospitality
Property, real-estate, and hospitality templates with guest-data and operational-controls focus.
Commercial Real Estate
Commercial-property controls for tenant data, a configurable human-oversight point for fairness-sensitive decisions, protected files, and evidence.
PropTech
PropTech controls for tenant privacy, restricted property data, and configurable bias-monitor and human-oversight policy points.
Property Management
Property-management controls for tenant records, restricted property data, and configurable bias-monitor and human-oversight policy points.
Hotel Chain
Hotel controls for guest privacy, payment-token data, default safety keyword filtering, and records.
Travel Booking
Travel-booking controls for traveler and payment-token data, default safety keyword filtering, and traceability.
Nonprofit & Humanitarian
Templates for nonprofit and humanitarian teams balancing privacy, safety, and accountability obligations.
Nonprofit Donor Data
Donor-data controls for privacy, an RBAC configuration point, restricted exports, output quality, and records.
Humanitarian Aid
Humanitarian controls for beneficiary privacy, citation checks, and configurable bias-monitor and human-oversight policy points.
Regional & Privacy
Region- and privacy-specific templates for sovereignty, residency, export controls, and jurisdictional data-handling requirements.
Colorado AI Act
Colorado decision controls for personal data, citation checks, and configurable bias-monitor and human-oversight policy points.
NYC AEDT
NYC AEDT controls for candidate privacy, HR-oriented bias monitoring, citation checks, and traceability.
India DPDP
India DPDP controls for personal data, provider eligibility, citation checks, and a configurable human-oversight point.
Singapore PDPA
Singapore PDPA controls for personal data, eligible routing, source checks, and evidence.
Japan APPI
Japan APPI controls for personal data, provider eligibility, citation checks, and a configurable human-oversight point.
Cross-Border Data Transfer
Cross-border controls for personal data, retention- and training-aware provider routing, citation checks, and evidence.
No templates match your search.