Reports

Download Any Sample Reports on This Page

All reports are dynamically generated by Compliance Manager GRC, based on your standard(s) and your environment. Every report is unique!

The sample reports we provide are taken from actual network environments, with the data anonymized for the purposes of privacy. Only one style was used for these samples, but there are dozens of others from which to choose.

Features

Key Report Features

  • All of our reports are fully brandable. On our sample reports, we have dropped in placeholder branding elements to demonstrate where and how the branding elements show up.
  • You can pick from several different report style templates, change the colors to match your corporate style, select from a large library of stock images for your report covers or upload your own, and even edit the documents.
  • If you want to pull out just a specific chart or report section, they are all in standard MS Word format, so you can copy and paste any items into other documents.

Dashboard Reports

All Employees Policy Acceptance Status Report

Compliance Manager GRC includes the ability to upload any number of policies or other HR-related documents into a self-serve web-based portal where employees can log in, read and review the documents, and attest to agreement with the contents. This dashboard report presents a summary of Employee Policy Acceptance results recorded for all employees of a given […]

All Vendors Assessments Status and Results Report

Whether you are compelled to track vendor compliance with specific IT requirements, or just do it as a matter of following best practices, Compliance Manager GRC gives you the ability to assign to your vendors specific sets of requirements — including any standards that you must adhere to. You can monitor progress for all your […]

Vendor Risk Excel Export Report

Want to take the results of your vendor risk assessment and work on them in Excel? No problem. You’ll get the summary results in one tab, and individual line item results in another.

Vendor Risk Assessment Dashboard Report

Quickly and easily print out what you see on the Vendor Risk Management Report.

Requirements Assessment Report

This report presents a summary of the Requirements Assessment responses and results as displayed in the Requirements Assessment Dashboard.

Controls Assessment Report

Presents a summary of the Controls Assessment responses and results as displayed in the Controls Assessment Dashboard.

Rapid Baseline Assessment Report

This report presents a summary of the Rapid Baseline Assessment responses and results as displayed in the Rapid Baseline Assessment Dashboard.

Policies & Procedures Reports

PCI DSS SAQ A Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A is for e-commerce/mail/telephone-order (card-not-present) merchants which have completely outsourced all cardholder data functions. There is no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises.

PCI DSS SAQ A EP Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A-EP is for e-commerce-only merchants that rely on third-party service providers to handle card information and which have a website that doesn’t process credit card data, but could impact the security of the payment transaction. There is […]

PCI DSS SAQ B IP Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-B-IP is for merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, and which do not store electronic cardholder data. This is not for e-commerce activities.

PCI DSS SAQ C Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-C is for any merchant which utilizes a payment application connected to the internet, but with no electronic cardholder data storage.

PCI DSS SAQ C VT Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-C-VT is for merchants which utilize a virtual terminal on one computer dedicated solely to card processing, and which do not store electronic cardholder data. This is not for e-commerce activities.

NYS DFS Part 500-23 Policies & Procedures

The New York State Department of Financial Services (NYDFS) requires that all covered entities maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems. This includes creating and maintaining a complete and accurate Policies and Procedures Manual. Compliance Manager does this automatically, building the manual dynamically on the fly. That […]

Essential 8 Maturity Level 3 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

Essential 8 Maturity Level 2 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

Essential 8 Maturity Level 1 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

Cyber Essentials Policies & Procedures

Organizations that implement the Cyber Essentials (Plus) controls must create and implement a set of policies and procedures that are used to certify and protect businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the Cyber Essentials (Plus) certification completed with real data. The certification defines a focused set […]

Cyber Insurance Readiness Policies & Procedures

Cyber-insurance is a specialty insurance product intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Compliance Manager GRC is the first software solution that allows cyber-insurance policyholders to systematically provide compliance policy and procedure documentation, which is the foundation of any compliance program, both in […]

UK GDPR Controller and Processor Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with UK GDPR. Some organizations don’t have a set of data protection policies – or at least one that conforms to UK GDPR provisions. The tool provides an “out of the […]

EU GDPR Controller and Processor Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with EU GDPR. Some organizations don’t have a set of data protection policies – or at least one that conforms to EU GDPR provisions. The tool provides an “out of the […]

NIST 800-171 Policies and Procedures

Organizations that are implementing NIST SP 800-171 IT security requirements must create and implement a set of policies and procedures used to implement the necessary security requirements based upon the NIST SP 800-171 IT security requirements. Some organizations don’t have a set of IT Security policies – or at least one that is based on […]

NIST CSF Policies and Procedures

Organizations that are implementing NIST Cyber Security Framework controls must create and implement a set of policies and procedures used to implement the necessary security controls based upon the NIST Cyber Security Framework. Some organizations don’t have a set of IT Security policies – or at least one that is based on the NIST Cyber […]

HIPAA Breach Notification Rule Policies and Procedures

A third requirement is to have a set of policies and procedures used to implement procedures to notify individuals and the HHS Secretary of PHI breach events experienced by the organization and compliance with the HIPAA Breach Notification Rule. Some organizations don’t have a set of PHI breach notification policies – or at least one […]

HIPAA Privacy Rule Policies and Procedures

A second requirement is to have a set of policies and procedures used to implement PHI privacy protection and compliance with the HIPAA Privacy Rule. Some organizations don’t have a set of privacy protection policies – or at least one that conforms to HIPAA Privacy Rule provisions. The tool provides an “out of the box” […]

HIPAA Security Rule Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement ePHI data security and compliance with the HIPAA Security Rule. Some organizations don’t have a set of data protection policies – or at least one that conforms to HIPAA Security Rule provisions. The tool provides an “out of […]

CMMC 2.0 – Level 1 Policies and Procedures

Organizations that are implementing CMMC 2.0 Level 1 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 1 IT Security Framework. Some organizations don’t have a set of CUI data protection policies – or at least one that is […]

CMMC 2.0 – Level 2 Policies and Procedures

Organizations that are implementing CMMC 2.0 Level 1 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 1 IT Security Framework. Some organizations don’t have a set of CUI data protection policies – or at least one that is […]

Primary Reports

Your Standard - Full Assessment Report

This report can be generated from the requirements assessment for any standard you are managing. It compiles compliance information from automated scans, augmented data, and questionnaires, and gathers evidence into one document to back up the Assessor Checklist with real data.

Assessor’s Checklist

The Assessor’s Checklist gives you a high-level overview of how well the organization complies with the specific standard being managed. A separate Auditor’s checklist can be generated for any Standard — whether from one of the built-in government and industry templates, or your own custom set of Requirements and Controls. The checklist details specific […]

Technical Risk Treatment Plan

This report prioritizes the discovered IT security risks and provides recommendations on remediation steps.

Technical Risk Analysis

Identifies what protections are in place and where there is a need for more. It includes a list of items that must be remediated to ensure the security and confidentiality of sensitive data at rest and/or during its transmission.

Technical Assessment

This report includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process.

Plan of Actions and Milestones Report

This report is a dynamic project plan spreadsheet document, fed by Compliance Manager GRC, that includes separate tabs of Technical Issues, Control Issues and Standards Issues. It’s prepopulated with the issue (weakness), how it was identified, along with the Control ID and description. Use this document as a simple project planner to fully implement an IT […]

Specialty Reports

Unitrends Integrations Report

This report provides details on the latest backup statuses from Unitrends, which consolidates multiple backup solutions, and is designed to provide documentation of backup activity and assurance of backups. Data for this report is imported directly into the Compliance Manager GRC site data from the Unitrends console.

CMMC NIST SP 800-171 Scoring Report

Even though CMMC 2.0 has been launched, the US Department of Defense still requires all subcontractors to perform a self-assessment against the NIST SP 800-171 requirements, and to score themselves based on a specific set of rules. Compliance Manager GRC includes the 800-171 assessment standard and automatically scores the assessment based on the DoD rules. This […]

System Security Plan

The System Security Plan (SSP) is a requirement of CMMC 2.0, and can be used as a formal document to support many other standards and frameworks. This formal report provides an overview of the security requirements for your information system and describes the security controls in place or planned for meeting those requirements.

Supporting Reports

Application Inventory Worksheet

This worksheet is used to document the “criticality” of the applications identified as being installed on the computer endpoints operating within the network.

User Access Review Worksheet

The worksheet is used to augment the user data that was collected during the internal network scan. Complete the worksheet to provide the additional information requested.

Asset Inventory Worksheet

The worksheet is used to augment the asset data that was collected during the internal network scan. Details include the asset owner, acceptable use, environment, backup agent status, as well as device and asset criticality classification. The asset criticality classification is used to determine the risk to the organization in the event of a security […]

External Information System Worksheet

This worksheet is used to document external information systems used by your organization. Add entries for each external information system along with a description, purpose for using the system, name of the business owner of the system, along with its criticality. Examples of external information systems include Salesforce, QuickBooks Online, and Microsoft 365.

Windows Patch Assurance

This report helps verify the effectiveness of the client’s patch management program. The report uses scan data to detail which patches are missing on the network.

Asset Inventory Review

Includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process, organized and presented in separate tabs in Excel for any use.

Common Controls Operational Procedures

These operating procedures are custom built and generated based on the policies that an organization has selected in Compliance Manager GRC Policy Builder. The generated policies and procedures document the procedures and controls that are to be implemented by the organization in order to meet IT Security and/or regulatory requirements. Each common control is mapped […]

Internal Vulnerability Scan Results

When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a comprehensive report is generated including identified security holes and warnings, and informational items including CVSS scores from VulScan’s point-of-view. The VulScan internal vulnerability scan operates behind the firewall to identify and expose real and potential vulnerabilities inside the […]

External Vulnerability Scan Results

When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a detailed report is generated showing security holes and warnings, and informational items including CVSS scores, as scanned by VulScan from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.
