Ridgeline Cyber Defence


Delivers quality security with expertly crafted digital toolkits for Cybersecurity & Governance, Risks and Compliance (GRC) Operations.

Our documentation suite provides ready-to-deploy policies, frameworks, and procedures for GRC, core cybersecurity programs and AI governance.

Designed for IT leaders, compliance teams, and consultants who need audit-ready, scalable resources—without starting from scratch.

AI Security Toolkit

$697.00

22 security practitioner developed documents plus a browser-based governance app with 46 security controls, risk assessment, ethics reviews, and AI-powered assistance. Covers OWASP LLM Top 10, NIST AI RMF, ISO 42001, and EU AI Act. One-time purchase. No subscription. Complete AI security programme: 22 DOCX documents (policies, standards, processes, forms, and framework mappings) plus an intelligent browser-based management app with 10 modules, 46 security controls, and 9 AI-powered features. Register AI systems, assess risks, track controls, conduct ethics reviews, and report to leadership — all from a single tool that runs locally. Full details at ridgelinecyber.com/products/ai-security-toolkit


Business Continuity & Disaster Recovery Suite

$249.00

Pass the Audit. Satisfy the Insurer. Survive the Outage.

Business continuity and disaster recovery documentation is one of the most common audit nonconformities and cyber insurance gate questions — yet most organisations either have nothing documented or have plans so outdated they would fail under scrutiny. Building a BC/DR program from scratch typically takes 3–6 months of dedicated analyst time. This suite delivers an integrated, audit-ready BC/DR documentation system you can customise and deploy in weeks.

What Makes This Different

The centrepiece is a Business Impact Analysis Workbook — not a blank form, but a working Excel engine with 1,423 formulas that auto-calculates Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) from your business impact inputs, generates a recovery priority matrix, and identifies gaps between your current and target recovery capabilities. The BIA outputs feed directly into the BC and DR Plan templates, which feed into the test procedure, which produces a structured test report. Every document connects to the next. The suite also includes 8 ready-to-run exercise scenarios with situation briefings, timed injects, discussion questions, and evaluation criteria — not "Scenario 1: [Your scenario here]" placeholders.

What's Included — 9 Files

Governance (2 DOCX)
- Business Continuity & Disaster Recovery Policy — program governance, roles and responsibilities, testing requirements, escalation procedures
- Disaster Recovery Policy — system classification tiers, recovery strategies by tier, backup standards, DR testing programme, KPIs

Automation Engine (1 XLSX)
- BIA Workbook — 8 tabs, 1,423 formulas. Process inventory, IT systems inventory, impact assessment with auto-scoring, recovery priority matrix, RTO/RPO gap analysis with remediation priorities, executive summary dashboard

Planning (2 DOCX)
- Business Continuity Plan — activation criteria, crisis management team procedures, communication cascade, department continuity worksheets, scenario-specific response procedures, resource requirements
- Disaster Recovery Plan — DR team contacts, infrastructure overview, recovery sequencing with dependency mapping, system recovery runbooks, backup and restoration procedures, post-recovery validation checklist

Testing & Evidence (3 DOCX)
- DR Test Procedure — 4 test types (walkthrough, component, simulation, full interruption) with detailed execution procedures, pre-test checklists, abort criteria, corrective action management framework, programme metrics
- DR Test Report Template — structured evidence report with RTO/RPO achievement tracking, findings register with severity classification, trend analysis across test cycles, programme maturity assessment
- BC/DR Exercise Scenarios Guide — 8 scenarios including ransomware attack, cloud provider outage, data centre failure, key personnel unavailability, critical vendor failure, building inaccessible, database corruption, and compound events. Each with timed injects and success criteria

Implementation (1 DOCX)
- Quick Start Guide — step-by-step implementation roadmap from download to operational, size-specific guidance for startups, SMEs, and enterprises, common pitfalls to avoid, audit readiness checklist

Framework Alignment

Every document is mapped to published standards — not generic best practice:
- ISO 22301:2019 — Business continuity management system requirements
- ISO 27001:2022 — Annex A controls A.5.29 (business continuity planning) and A.5.30 (ICT readiness)
- NIST CSF 2.0 — RC.RP (Recovery Planning), PR.IR (Incident Recovery) functions
- CIS Controls v8 — Safeguard 17 (Incident Response and Management)

Who This Is For
- Organisations preparing for ISO 27001 certification or surveillance audits
- Security teams answering cyber insurance questionnaire requirements around business continuity and disaster recovery
- IT managers who need to document and test recovery capability for the first time
- GRC professionals replacing outdated BC/DR plans with framework-aligned documentation

The Commercial Reality

Building a BC/DR program internally means months of analyst time, multiple review cycles, and the ongoing risk of an auditor or insurer finding gaps in documentation you wrote yourself. This suite gives you a professionally structured, framework-aligned starting point with working automation — customise it with your organisation's specifics and you have an operational programme.

Format: DOCX and XLSX (Microsoft Office compatible)
Delivery: Instant digital download


CMMC Level 1 Compliance Toolkit

$697.00

39 security practitioner developed documents covering all 17 CMMC Level 1 practices across 6 domains — policies, procedures, assessment workbooks, evidence collection guides, and compliance scoring. Full NIST SP 800-171 traceability. Built for DIB contractors handling Federal Contract Information. Complete CMMC Level 1 documentation: 25 Word documents (8 policies, 6 procedures, 4 guides, 3 verification docs, and supporting materials) plus 14 Excel workbooks (self-assessment, gap analysis, compliance scoring, evidence tracking, and operational logs). Covers all 17 practices across all 6 domains with full NIST 800-171 traceability. Full details at ridgelinecyber.com/products/cmmc-level-1-compliance-toolkit


CMMC Level 2 Compliance & Operations Suite

$1,497.00

116 security practitioner developed deliverables covering all 110 NIST SP 800-171 controls across 14 families — policies, standards, procedures, SSP template, SPRS calculator, POA&M tracker, and C3PAO assessment tools. Built for DIB contractors handling Controlled Unclassified Information. Complete C3PAO assessment documentation: 91 Word documents (14 policies, 12 standards, 10 processes, 18 procedures, and assessment/planning tools) plus 24 Excel workbooks (self-assessment, SPRS scoring, gap analysis, evidence mapping, operational trackers) and a browser-based app. Covers all 110 NIST 800-171 controls with full framework traceability. Full details at ridgelinecyber.com/products/cmmc-level-2-compliance-suite


Cyber Incident Response Toolkit

$797.00

34 security practitioner developed deliverables — policies, playbooks, a dynamic playbook generator, 6 Excel automation engines, evidence collection scripts, and board-ready reporting. Mapped to ISO 27001, NIST CSF 2.0, NIST 800-61r3, CIS v8, and GDPR. Operationalise your incident response program with 20 Word documents (IR policy, procedure, 10 attack-specific playbooks, role-specific checklists, communications pack, notification templates, ransomware readiness guide, cloud security playbook, and decision trees), 6 Excel workbooks (incident classification engine, incident command workbook, programme readiness scorecard, performance metrics dashboard, dynamic playbook generator, and training tracker), and 8 evidence collection scripts (Windows PowerShell + Linux Bash). Every document is framework-mapped and customisation-ready. Full details at ridgelinecyber.com/products/cyber-incident-response-toolkit


Data Privacy Governance Suite

$1,297.00

97 security practitioner developed documents — the complete privacy program mapped to GDPR, NIST Privacy Framework, EU-U.S. Data Privacy Framework, and CCPA/CPRA. Policies, procedures, DPIA kit, breach response, international transfers, training, and compliance registers. Deploy a GDPR-compliant privacy program: 58 Word documents and 39 Excel workbooks covering governance, data inventory, consent management, subject rights, DPIAs, vendor management, breach response, retention, international transfers, training, technical measures, and regulatory compliance registers. A 5-phase implementation roadmap included. Full details at ridgelinecyber.com/products/data-privacy-governance-suite


Information Security Policy Suite

$1,497.00

Over 100 security practitioner developed deliverables plus a browser-based management app — 21 policies, 15 standards, 12 processes, 28 procedures, 22 Excel workbooks, ISO 27001 gap assessment with 93 Annex A controls, AI-powered remediation, and board reporting. Complete ISMS documentation with intelligent management app: 77 Word documents (21 policies, 15 standards, 12 processes, and 28 procedures, plus reference docs) and 22 Excel workbooks, plus a browser-based platform with 11 modules — gap assessment against all 93 ISO 27001 Annex A controls, remediation tracker, audit simulator, policy lifecycle management, evidence registry, and AI-powered guidance. Full details at ridgelinecyber.com/products/information-security-policy-suite


NIST CSF Implementation & Operations Suite

$1,497.00

138 security practitioner developed deliverables covering all six NIST CSF 2.0 functions — policies, standards, procedures, 5 multi-platform implementation guides, 12 automation scripts, assessment engines, executive reporting suite, and GRC add-on packs. ISO 27001 and CIS Controls v8 cross-mapped. Complete NIST CSF 2.0 implementation: 101 Word documents (core CSF documentation across all six functions, 6 GRC add-on packs, platform implementation guides), 24 Excel workbooks (assessment engine, compliance engine, evidence system), 12 PowerShell/Bash automation scripts, and a Board security presentation. Includes M365, Google Workspace, AWS, Azure, and on-prem implementation guides. Full details at ridgelinecyber.com/products/nist-csf-implementation-operations-suite


QuestionnairePro Professional

$299.00/year

QuestionnairePro Professional — Desktop Security Questionnaire Management

Respond to security questionnaires in hours, not weeks. Assess vendors, measure your own gaps, and present your security posture through a professional Trust Center.

WHAT'S INCLUDED
- Answer Library — 474 pre-written answers across 19 security categories, three maturity tiers each
- Import Questionnaire — upload XLSX/CSV, auto-match with fuzzy matching and synonym expansion, AI-powered generation for unmatched questions, export preserving original format
- Create Questionnaire — build branded questionnaires to send to vendors and partners
- 22 Assessment Templates — vendor security, internal controls, cloud readiness, AI governance, and more
- Gap Assessment — Standard (40Q) or Comprehensive (80Q) with category breakdown
- Vendor Response Analysis — automated keyword scoring, red flag detection, AI deep analysis
- Trust Center Builder — 6-step wizard, 22 frameworks, 20 domains, 21 policies, 30 FAQ, standalone HTML export
- Compliance Mapping — NIST CSF 2.0, ISO 27001, SOC 2, CMMC, PCI DSS, GDPR, HIPAA, and more
- AI Integration — 10 providers (OpenAI, Anthropic, Google, Azure, Mistral, Groq, Perplexity, DeepSeek, Ollama, Custom). Bring Your Own Key.
- Multi-user — admin and viewer roles, Active Directory and Entra ID authentication
- Branded XLSX exports across all modules
- Activity history with per-user audit logging

SECURITY
- AES-256-GCM encrypted local database
- API keys stored in OS keychain
- Argon2id authentication
- No cloud dependency — your data never leaves your machine

LICENCE
- 365 days from activation
- Renewal notifications at 30 and 7 days
- Expired licences downgrade to Community (data preserved)
- One licence key per purchase — paste into Settings to activate

SYSTEM REQUIREMENTS
- Windows 10/11 (x64)
- macOS 12+ (Intel and Apple Silicon)
- ~100 MB disk space

ridgelinecyber.com/applications/questionnairepro/


Risk Assessment & Treatment Toolkit

$297.00

16-file risk management system. Auto-scoring Risk Register (830 formulas), 52 starter risks, workshop kit, insurance mapping. Operational from day one.

Know Your Risks. Treat Them Systematically. Prove It.

Every organisation faces cybersecurity risks. The difference between those that manage them and those that get caught out is a repeatable, documented process — one that scores risks consistently, tracks treatment actions, and produces evidence that satisfies boards, insurers, clients, and regulators alike. This toolkit gives you that process. 16 files containing 884 formulas, a 52-risk starter library, workshop facilitation materials, insurance question mapping, and every supporting document your organisation needs to run a professional risk management programme.

What's Included — 16 Files

EXCEL ENGINES (5 workbooks, 19 tabs, 884 formulas)
- Risk Register Workbook (XLSX — 8 tabs, 830 formulas) — The core engine. 30-column register with auto-calculated inherent, residual, and target risk scores using a 5×5 likelihood × impact matrix. Colour-coded heat map visualisation, executive dashboard with risk distribution summaries, trend analysis tracking across multiple assessment cycles, framework mapping to NIST CSF 2.0 and ISO 27001, and a 52-risk starter library covering the most common cybersecurity risks across all sectors. Conditional formatting highlights critical risks immediately. Enter your scores — the workbook does the rest.
- Statement of Applicability (XLSX — 3 tabs, 45 formulas) — Pre-mapped to all 93 ISO 27001:2022 Annex A controls. For each control: applicability status, justification for inclusion or exclusion, implementation status, evidence reference, and NIST CSF 2.0 mapping. Auto-calculated dashboard shows your security posture at a glance. Whether you are pursuing certification or simply benchmarking your controls against an international standard, this workbook gives you a structured way to document what you have in place and where the gaps are.
- Audit Evidence Checklist (XLSX) — Maps risk management requirements to specific evidence artefacts. Tracks what documentation exists, what is missing, and what needs updating — useful for internal reviews, external audits, client due diligence questionnaires, and regulatory inspections.
- Cyber Insurance Risk Mapping (XLSX) — Maps common cyber insurance application questions to your risk register entries and control implementations. Turns your risk assessment work into insurance submission evidence — saving hours of repetitive form-filling every renewal cycle.
- Workshop Facilitation Kit (XLSX — 6 tabs) — Everything you need to run a structured risk assessment workshop with your team: timed agenda, attendee sign-off sheet, risk identification prompts by threat category, asset-based risk walkthrough template, scoring calibration exercise to align assessors, and workshop output summary for capturing results. Designed for facilitators at any experience level.

GOVERNANCE DOCUMENTS (9 DOCX files)
- Risk Management Policy — Board-level policy establishing the organisation's commitment to systematic risk management. Defines risk appetite, tolerance thresholds, assessment requirements, treatment obligations, and reporting cadence. Suitable for any sector — healthcare, financial services, technology, manufacturing, professional services, education, government, and beyond.
- Risk Assessment Methodology — Defines the 5×5 scoring matrix, three-stage assessment process (inherent → residual → target), likelihood and impact scales with concrete definitions, risk rating bands, and assessment frequency. This is the anchor document that explains how your organisation evaluates risk — referenced by everything else in the toolkit.
- Risk Assessment Process Guide — Step-by-step operational guide covering pre-assessment planning, four risk identification approaches (asset-based, threat-based, control-gap, scenario-based), workshop facilitation guidance, scoring and evaluation procedures, treatment selection, and post-assessment reporting. Written so that anyone responsible for risk assessment can follow the process, not just GRC specialists.
- Risk Treatment Plan Template — Structured treatment options (mitigate, transfer, accept, avoid) with action tracking, ownership assignment, target dates, resource requirements, residual risk targets, score projections, monitoring schedules, and escalation procedures. Links directly to risk register entries and control references.
- Risk Acceptance Form — Formal risk acceptance with mandatory fields for business justification, compensating controls, conditions, residual risk level, acceptance authority by risk rating, expiry date, and review triggers. Provides the documented trail proving that accepted risks were conscious business decisions, not oversights.
- Risk Assessment Report Template — Structured output from an assessment cycle. Executive summary, methodology reference, risk distribution analysis, top risks, treatment progress, trend analysis, control posture summary, and recommendations. Designed for board reporting, management reviews, client submissions, and regulatory evidence.
- Framework Cross-Mapping Reference — Complete traceability from every toolkit file to ISO 27001:2022 clauses, NIST CSF 2.0 subcategories, CIS Controls v8, and ISO 31000:2018. Demonstrates which framework requirements the toolkit satisfies — useful for compliance teams, consultants, and anyone mapping controls across multiple standards.
- User Guide — Comprehensive walkthrough of every workbook tab, column, and feature. Covers blank vs. example workbook usage, setup configuration, data entry procedures, formula logic, and ongoing cycle management.
- Quick Start Guide — 6-step implementation roadmap with size-specific timelines: startup (1 day), SME (1–2 weeks), enterprise (4–6 weeks). Gets you from download to operational risk programme fast.

EXAMPLE WORKBOOKS (2 pre-filled files)
- Risk Register EXAMPLE and Statement of Applicability EXAMPLE — Pre-filled with realistic sample data so you can see exactly how the finished workbooks look and function before entering your own data. Use as a reference or starting point.

Framework Coverage

| Framework | What's Mapped |
|---|---|
| ISO 27001:2022 | Clauses 6.1, 8.2, 8.3, 9.1, 9.3, 10.1, 10.2. Statement of Applicability covers all 93 Annex A controls. |
| NIST CSF 2.0 | GV.RM-01/02/07, ID.RA-01 through ID.RA-08 — risk identification, analysis, response, and programme governance. |
| CIS Controls v8 | Safeguards 3, 7, 15, 17 — data protection, vulnerability management, service provider management, incident response. |
| ISO 31000:2018 | Clauses 6.3 through 6.7 — context, identification, analysis, evaluation, treatment, monitoring, reporting. |

Framework mappings are built in but not mandatory to use. Organisations not pursuing formal certification still benefit from the scoring methodology, treatment tracking, and reporting structure.

Who This Is For
- Organisations building or formalising a risk management programme for the first time
- Security and IT teams that need a structured, repeatable process for identifying and treating risks
- Compliance managers preparing for certification, client questionnaires, or regulatory requirements
- Risk owners who need to report risk posture to boards, executives, or external stakeholders
- Organisations completing cyber insurance applications that require documented risk management
- Consultants and MSSPs deploying standardised risk assessment processes across multiple clients

Why This Exists

Free risk register templates give you column headers and an empty spreadsheet. Consultants charge £5,000–£15,000 to build a risk assessment programme. This toolkit sits in between — a complete, tested system with 884 formulas, 52 starter risks, workshop facilitation materials, insurance mapping, and every supporting document needed to run risk management as an ongoing programme rather than a one-off exercise. The Risk Register alone contains 830 formulas providing auto-calculated risk scores at three stages (inherent, residual, target), conditional formatting, heat maps, trend analysis, and executive dashboards. This is an operational tool, not a static template.

The Numbers
- 16 files — 5 Excel workbooks + 9 governance documents + 2 pre-filled examples
- 884 formulas across all Excel engines
- 52 starter risks in the Risk Library, mapped to NIST CSF functions
- 93 Annex A controls mapped in the Statement of Applicability
- 30 columns per risk in the Register (identification → scoring → treatment → traceability)
- 4 frameworks mapped: ISO 27001, NIST CSF 2.0, CIS Controls v8, ISO 31000
- 3 organisation sizes supported with size-specific guidance throughout

Format: DOCX and XLSX (Microsoft Office compatible)
Delivery: Instant digital download

All documents include customisation points for your organisation's name, size, risk appetite, and regulatory environment. This is a customisable template only. It is not legal advice. Organisations should seek qualified professional advice for their specific circumstances and jurisdiction.


Risk Management Toolkit

$997.00

26 security practitioner developed deliverables plus a browser-based intelligent app — risk assessment with 170+ risk library, business impact analysis, vendor risk management with 243 weighted controls, 11 AI features, and 12 framework mappings. AES-256 encryption. No subscription. Complete risk management system: browser-based intelligent app with risk register, BIA, vendor management (243 controls), scenario modelling, evidence tracking, and 10 export formats. Plus 20 Word documents (policies, BCP/DR plans, vendor communications, workshop kit) and 4 Excel workbooks. 11 AI features (BYOK). Runs locally — zero data transmission. Full details at ridgelinecyber.com/products/risk-management-toolkit


Security Awareness Training Suite

$997.00

85 security practitioner developed documents — training modules, phishing simulations, role-based training, tabletop exercises, gamification, metrics dashboards, and board reporting. Mapped to NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, CMMC, and PCI-DSS. One-time purchase. Fully editable. Complete security awareness program: 57 Word documents, 15 PowerPoint presentations (training modules with facilitator guides), 9 Excel workbooks (metrics, trackers, dashboards), and 4 print-ready PDFs. Includes 12-file phishing simulation kit, 5 role-based modules, 5 tabletop exercises with inject cards, gamification resources, and board-level reporting. Full details at ridgelinecyber.com/products/security-awareness-training


Security Program Foundation Toolkit

$497.00

35 security practitioner developed documents — policies, risk registers, compliance trackers, control framework mapping, maturity assessment, incident response plan, and a 6-phase implementation guide. NIST CSF 2.0, ISO 27001, and CIS Controls v8 aligned. Launch a GRC program in days: 22 Word documents (8 policies, risk methodology, risk appetite statement, control procedures, incident response plan, NDA, third-party assessment, and program review) plus 13 Excel workbooks (risk register, enterprise risk register, compliance obligations, control testing, evidence tracker, framework mapping, activity calendar, training tracker, issues log, asset register, maturity assessment, vendor register, and RACI matrix). Full details at ridgelinecyber.com/products/grc-essentials-toolkit


SOC 2 Readiness Suite

$997.00

71 security practitioner developed documents covering all 5 SOC 2 Trust Service Categories — system description, control narratives, evidence workbooks, auditor preparation package, executive materials, and operational trackers. AICPA TSC, NIST CSF 2.0, ISO 27001, and CIS Controls v8 aligned. Complete SOC 2 audit preparation: 44 Word documents (20 security + TSC policies, 12 operational procedures, system description, control narratives, auditor prep guides, executive materials) plus 27 Excel workbooks (control matrix, evidence collection, control testing, metrics dashboard, RACI, trackers). All 5 Trust Service Categories covered. Full details at ridgelinecyber.com/products/soc-2-readiness-suite


Vendor Risk Management System

$299.00

Stop Managing Vendors in Scattered Spreadsheets

Your auditor asks for evidence of third-party risk management. Your insurer's questionnaire has a section on vendor oversight. Your ISO 27001 Stage 1 assessor wants to see documented supplier security assessments. And right now, your vendor management process lives in email threads, ad-hoc spreadsheets, and a vague policy nobody follows. The Vendor Risk Management System is a complete, integrated TPRM program — from initial due diligence through annual reassessment — built around a Master Engine with 1,974 formulas that auto-classifies vendors, calculates weighted risk scores, tracks remediation, and generates board-ready reports.

What Makes This Different

This is not a single questionnaire template. It is a 4-questionnaire architecture covering the full vendor lifecycle — pre-engagement due diligence, onboarding security verification, in-depth cyber assessment with 104 controls across 11 security domains, and annual self-assessment. Each questionnaire feeds into the Master Engine, which auto-calculates risk classifications, tracks remediation progress, maintains assessment history across cycles, and produces a portfolio dashboard and board report without manual data wrangling. The 104-control Cyber Verification questionnaire uses weighted domain scoring — critical domains like Identity & Access Management, Incident Response, and Data Security carry 3× the weight of lower-risk domains, so your risk scores reflect actual threat exposure rather than treating all controls equally.

What's Included — 10 Files

Automation Engine (1 XLSX)
- VRMS Master Engine — 10 tabs, 1,974 formulas. Setup and configuration, vendor intake with auto-classification, score entry for all questionnaires, QD self-assessment tracker, remediation tracker with SLA management, portfolio dashboard with risk distribution analysis, board report generator, assessment history with multi-cycle trend tracking, reference data library

Assessment Questionnaires (4 XLSX)
- QA Due Diligence Questionnaire — 41 controls for pre-engagement evaluation covering governance, financial stability, data handling, regulatory compliance, and operational resilience
- QB Onboarding Questionnaire — 38 controls for new vendor security verification covering technical controls, access management, incident response capability, and business continuity readiness
- QC Cyber Verification Questionnaire — 104 controls across 11 security domains with weighted scoring. Domains: Security Governance, Identity & Access Management, Network Security, Endpoint Security, Data Security & Encryption, Cloud Security, Incident Response, Security Operations, Secure Development, Physical Security, and Security Awareness
- QD Annual Self-Assessment — 60 binary controls for ongoing vendor compliance monitoring, designed for vendor self-completion with minimal guidance required

Governance Documents (3 DOCX)
- Vendor Risk Management Policy — 10 policy statements, RACI matrix, tier-based assessment requirements, 8-phase vendor lifecycle, exception handling, compliance and enforcement provisions
- Communications Pack — 7 pre-written letter templates covering assessment distribution, self-assessment distribution, non-response follow-up, remediation requirement, assessment completion acknowledgement, risk acceptance notification, and vendor offboarding
- Vendor Assessment Report — Per-vendor audit artifact template with framework mappings, assessment summary, findings register, and risk rating justification

Reference & Operations (2 files)
- Compliance Map (XLSX) — 53 requirements mapped across ISO 27001, NIST CSF 2.0, CIS Controls v8, SOC 2, GDPR, DORA, and Cyber Essentials
- User Guide (DOCX) — 11 chapters covering system setup, vendor classification, questionnaire deployment, score interpretation, remediation workflows, dashboard usage, and board reporting

Framework Alignment

Every component is mapped to published standards:
- ISO 27001:2022 — Annex A controls A.5.19 (supplier relationships), A.5.20 (supplier agreements), A.5.21 (ICT supply chain), A.5.22 (monitoring and review)
- NIST CSF 2.0 — GV.SC (Supply Chain Risk Management) subcategories
- CIS Controls v8 — Safeguard 15 (Service Provider Management)
- SOC 2 — Common Criteria related to vendor management
- GDPR — Article 28 (processor requirements), Article 32 (security of processing)
- DORA — ICT third-party risk management requirements
- Cyber Essentials — Supply chain security expectations

Who This Is For
- Organisations preparing for ISO 27001 certification where Annex A.5.19–A.5.22 evidence is required
- Security teams answering cyber insurance questionnaire sections on third-party risk management
- GRC professionals replacing ad-hoc vendor tracking with a structured, auditable system
- Compliance officers who need to demonstrate GDPR Article 28 due diligence on processors
- IT managers overseeing 10–500 vendor relationships who need a system that scales without SaaS platform costs

The Commercial Reality

SaaS vendor risk management platforms like UpGuard, OneTrust, and Vanta charge $6,000–$50,000+ per year. Free templates from their blogs give you a single questionnaire with no scoring engine, no lifecycle management, and no board reporting. This system fills the gap — a complete, integrated TPRM program you own outright for a one-time purchase. No recurring fees, no per-vendor charges, no platform lock-in.

Format: DOCX and XLSX (Microsoft Office compatible)
Delivery: Instant digital download


Vulnerability & Patch Management Toolkit

$497.00

8 security practitioner developed documents — policies, procedures, a remediation playbook, a risk assessment workbook, and vulnerability tracking. NIST CSF 2.0, ISO 27001, and CIS Controls v8 aligned. Deploy a documented, audit-ready vulnerability management program with policies, scanning procedures, severity-based SLAs, and Excel workbooks for remediation tracking and risk assessment. Includes Vulnerability Management Policy, Asset Management Policy, VM Procedure, Scanning Procedure, VM Playbook, Remediation Tracker, Risk Assessment Workbook, and Quick Start Guide. Full details at ridgelinecyber.com/products/vulnerability-patch-management-toolkit


Zero Trust Implementation Toolkit

$797.00

38 security practitioner developed deliverables covering all 5 CISA Zero Trust pillars — policies, standards, 10 Excel workbooks, 10 automation scripts, a Command Centre browser app, and a 60-day implementation roadmap. Platform-specific for M365, Google Workspace, AWS, Intune, and Jamf. Mapped to 8 frameworks. Complete Zero Trust implementation system: 16 Word documents (policies, standards, procedures, checklists, and forms), 10 Excel workbooks (risk assessment, RBAC matrix, maturity scorecard, and device/network/app/data inventories), 10 automation scripts (Python + PowerShell for Entra ID, Active Directory, AWS, and Google Workspace), and a Command Centre browser app. 60-day implementation roadmap. Full details at ridgelinecyber.com/products/zero-trust-implementation-toolkit
