Answer a few guided questions about your organization and we'll tailor a compliance policy & procedure document set — complete with an evidence collection guide — to your standards, structure and technology stack.
We use these details as the legal entity header on every generated policy and procedure document.
Who should we coordinate the compliance program with? This person receives the generated document set and evidence guide.
List your headquarter and any other offices in scope (up to 5 total). This drives whether we generate one shared policy set or location-specific variants.
Select every framework you're working toward. We generate the policy, procedure and evidence guide mapped to the controls of each one you choose.
Add the reporting levels responsible for your ISMS, top-down (e.g. CTO → CISO → VP of Security → ISMS Manager → ISMS Executive). Up to 10 levels.
Assign who owns each stage of the policy & procedure lifecycle. Selections are highlighted on the tree above.
Cloud usage shapes the infrastructure, data-handling and shared-responsibility controls in your document set.
Select all that apply, then list the services you run on each.
Your disaster-recovery targets — RTO (Recovery Time Objective) is the maximum acceptable downtime; RPO (Recovery Point Objective) is the maximum acceptable data-loss window.
Your detection tooling, response SLAs and issue-reporting workflow feed the monitoring, incident-management and evidence-collection procedures in your document set.
Select all that apply. Open-source and commercial platforms are both listed.
Set the target resolution time you want to commit to for each severity.
Select the ticketing tool(s) you raise detected issues in.
These determine whether AI-management controls (e.g. ISO 42001) and control-mapping guidance are woven into your document set.
Which best describes your role? Select all that apply.
Which GRC platform(s) do you use? Search the list or add your own.
Check everything below and edit any section before we generate your document set. Use the Edit button on a section to jump back to that step.
We've captured everything we need. A QSECS compliance specialist will assemble your tailored policy & procedure document set and evidence collection guide, and reach out to your primary contact within 1 business day.
Your information is used solely to tailor your compliance document set and is never shared with third parties.