Reports

No Two Reports Are Alike!

All of our reports are fully brandable. Pick from several different report style templates, change the colors to match your corporate style, select from a large library of stock images for your report covers or upload your own, and even edit the documents.

If you want to pull out just a specific chart or report section, they are all in standard MS Word format, so you can copy and paste any items into other documents.

Get Access to All Reports

Fill out the form below to access our Sample Reports page, where you can download samples of any report.

Please use your business email.

Key Report Features

  • All of our reports are fully brandable. On our sample reports, we have dropped in placeholder branding elements to demonstrate where and how the branding elements show up.
  • You can pick from several different report style templates, change the colors to match your corporate style, select from a large library of stock images for your report covers or upload your own, and even edit the documents.
  • If you want to pull out just a specific chart or report section, they are all in standard MS Word format, so you can copy and paste any items into other documents.

 

Click on the tabs below to see our report thumbnails and descriptions. To gain access to samples of all our reports, complete and submit the form above.

Dashboard Reports

Rapid Baseline Assessment Report

This report presents a summary of the Rapid Baseline Assessment responses and results as displayed in the Rapid Baseline Assessment Dashboard.

Controls Assessment Report

Presents a summary of the Controls Assessment responses and results as displayed in the Controls Assessment Dashboard.

Requirements Assessment Report

This report presents a summary of the Requirements Assessment responses and results as displayed in the Requirements Assessment Dashboard.

Compliance Manager GRC - All Employees Policy Acceptance Status Report Sample - Screenshot

All Employees Policy Acceptance Status Report

Compliance Manager GRC includes the ability to upload any number of policies or other HR-related documents into a self-serve web-based portal that employees can log-into, read and review the documents, and attest to agreement with the contents. This dashboard report presents a summary of Employee Policy Acceptance results recorded for all employees of a given […]

Vendor Risk Assessment Dashboard Report

Quickly and easily print out what you see on the Vendor Risk Management Report.

Compliance Manager GRC - All Vendor Assessments Status and Results Printable Report - Screenshot

All Vendors Assessments Status and Results Report

Whether you are compelled to track vendor compliance with specific IT requirements, or just do it as a matter of following best practices, Compliance Manager GRC gives you the ability to assign to your vendors specific sets of requirements — including any standards that you must adhere to. You can monitor progress for all your […]

Vendor Risk Excel Export Report

Want to take the results of your vendor risk assessment and work on them in Excel? No problem. You’ll get the summary results in one tab, and individual line itme results in another.

Policies & Procedures Reports

Compliance Manager GRC – FTC Safeguards Rules Standards and Controls

Organizations that are implementing Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – must create and implement a set of policies and procedures used to implement the necessary security controls based upon the requirements of the Rule. This policies and procedures manual includes all of the standard provisions of […]

CIS Controls IG1

Implementation Group 1 (IG1) is the definition of basic essential cyber hygiene. IG1 represents an emerging minimum standard of information security and of protection against common attacks for all. This document includes all of the policies and procedures required to be in alignment with IG1.

CIS Controls IG2

Implementation Group 2 (IG2) is for enterprises that employ individuals who are responsible for managing and protecting IT infrastructure. IG2 is comprised 74 additional Safeguards and builds upon the 56 Safeguards identified in IG1. This document includes all of the policies and procedures required to be in alignment with IG2.

CIS Controls IG3

IG3 assets and data contain sensitive information or functions that are subject to regulatory and compliance oversight.IG3 is comprised of an additional 23 Safeguards, and is the framework to use for maximum IT security. It builds upon the Safeguards identified in IG1 and IG2, and includes all 153 Safeguards included in the CIS Critical Security […]

NIST CSF Policies and Procedures

Organizations that are implementing NIST Cyber Security Framework controls must create and implement a set of policies and procedures used to implement the necessary security controls based upon the NIST Cyber Security Framework.

NIST 800-171 Policies and Procedures

Organizations that are implementing NIST SP 800-171 IT security requirements must create and implement a set of policies and procedures used to implement the necessary security requirements based upon the NIST SP 800-171 IT security requirements.

HIPAA Privacy Rule Policies and Procedures

A second requirement is to have a set of policies and procedures used to implement PHI privacy protection and compliance with the HIPAA Privacy Rule.

HIPAA Security Rule Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement ePHI data security and compliance with the HIPAA Security Rule.

HIPAA Breach Notification Rule Policies and Procedures

A third requirement is to have a set of policies and procedures used to implement procedures to notify individuals and the HHS Secretary of PHI breach events experienced by the organization and compliance with the HIPAA Breach Notification Rule.

PCI DSS SAQ A Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A is for e-commerce/mail/telephone-order (card-not-present) merchants which have completely outsourced all cardholder data functions.

PCI DSS SAQ A EP Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A-EP is for e-commerce-only merchants that rely on third-party service providers to handle card information, and which have a website that doesn’t process credit card data but could impact the security of the payment transaction.

PCI DSS SAQ B IP Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-B-IP is for merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, and which do not store electronic cardholder data.

PCI DSS SAQ C Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-C is for any merchant which utilizes a payment application connected to the internet, but with no electronic cardholder data storage.

PCI DSS SAQ C VT Policies and Procedures

To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ – C-VT is for merchants which utilize a virtual terminal on one computer dedicated solely to card processing, and which do not store electronic cardholder data. This is not for e-commerce activities.

CMMC 2.0 – Level 1 Policies and Procedures

Organizations that are implementing CMMC 2.0 Level 1 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 1 IT Security Framework.

CMMC 2.0 – Level 2 Policies and Procedures

Organizations that are implementing CMMC 2.0 Level 2 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 2 IT Security Framework.

CMGRC - NYS DFS - Policies and Procedures

NYS DFS Part 500-23 Policies & Procedures

The New York State Department of Financial Services (NYDFS) requires that all covered entities maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems.

Cyber_Essentials_Policies_and_Procedures_truncated

Cyber Essentials Policies & Procedures

Organizations that implement the Cyber Essentials (Plus) controls must create and implement a set of policies and procedures that are used to certify and protect businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the Cyber Essentials (Plus) certification completed with real data. The certification defines a focused set […]

UK GDPR Controller and Processor Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with UK GDPR.

EU_GDPR_Policies_and_Procedures-thumbnail

EU GDPR Controller and Processor Policies and Procedures

One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with EU GDPR.

SS - CM GRC - Essential 8 - Level 1

Essential 8 Maturity Level 1 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

SS - CM GRC Essential 8 - Level 2

Essential 8 Maturity Level 2 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

Essential 8 Maturity Level 3 Policies & Procedures

Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]

Cyber Insurance Readiness Policies & Procedures

Cyber-insurance is a specialty insurance product intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Compliance Manager GRC is the first software solution that allows cyber-insurance policyholders to systematically provide compliance policy and procedure documentation, which is the foundation of any compliance program, both in […]

Primary Reports

Your Standard - Full Assessment - Sample

Your Standard- Full Assessment Report

This report can be generated from the requirements assessment for any standard you are managing. It. compiles compliance information from automated scans, augmented data, and questionnaires. gathers evidence into one document to back up Assessor Checklist with real data.

Assessor’s Checklist

The Assessor’s Checklist gives you a high-level overview of how well the organization complies with the specific standard being managed. A separate Auditor’s check list can be generated for any Standard — whether from one of the built-in government and industry templates, or your own custom set of Requirements and Controls. The checklist details specific […]

Technical Risk Treatment Plan - Technical Review

Technical Risk Treatment Plan

This report prioritizes the discovered IT security risks and provides recommendations on remediation steps.

Technical Risk Analysis - Technical Review

Technical Risk Analysis

Identifies what protections are in place and where there is a need for more. It includes a list of items that must be remediated to ensure the security and confidentiality of sensitive data at rest and/or during its transmission.

Technical Assessment - Technical Review

Technical Assessment

This report includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process.

Plan of Actions and Milestones Report

This report is a dynamic project plan spreadsheet document, fed by Compliance Manager GRC, that includes separate tabs of Technical Issues, Control Issues and Standards Issues. It’s prepopulated with the issue (weakness), how it was identified, along with the Control ID and description. Use this document as a simple project planner to fully implement an IT […]

Specialty Reports

Compliance Manager GRC – Datto Unified Continuity Report

The Datto Unified Continuity Report, the first (and currently only) report that consolidates backup data from all four Datto Continuity services, including Siris and Alto (BCDR), Cloud Continuity for PCs (CC4PC), and Datto Continuity for Microsoft Azure (DCMA). This new report, available only through Network Detective Pro, consolidates back-up information from all four Datto products […]

Unitrends Intergration Report - Screenshot

Unitrends Integrations Report

This report provides details on the latest backup statuses from Unitrends, which consolidates multiple backup solutions, and is designed to provide documentation of backup activity and assurance of backups. Data for this report is imported directly into the Compliance Manager GRC site data from the Unitrends console.

Compliance Manager GRC - NIST SP 800-171 DoD Assessment Score Report - Screenshot

CMMC NIST SP 800-171 Scoring Report

Even though CMMC 2.0 has been launched, US Department of Defense still requires all subcontractors to perform a self-assessment against the NIST SP 800-171 requirements, and to score themselves based on a specific set of rules. Compliance Manager GRC includes the 800-171 assessment standard and automatically scores the assessment based on the DOC rules. This […]

Compliance Manager GRC - System Security Plan - Screenshot

System Security Plan

The System Security Plan (SSP) is a requirement of CMMC 2.0, and can be used to as a formal document to support many other standards and frameworks. This formal report provides an overview of the security requirements for your information system and describes the security controls in place or planned for meeting those requirements.

Supporting Reports

Application Inventory Worksheet

This worksheet is used to document the “criticality” of the applications identified as being installed on the computer endpoints operating within the network.

User Access Review Worksheet

The worksheet is used to augment the user data that was collected during the internal network scan. Complete the worksheet to provide the additional information requested.

Asset Inventory Worksheet

The worksheet is used to augment the asset data that was collected during the internal network scan. Details include the asset owner, acceptable use, environment, backup agent status, as well as device and asset criticality classification. The asset criticality classification is used to determine the risk to the organization in the event of a security […]

External Information System Worksheet

This worksheet is used to document external information systems used by your organization. Add entries for each external information system along with a description, purpose for using the system, name of the business owner of the system, along with its criticality. Examples of external information systems include Salesforce, QuickBooks Online, and Microsoft 365.

Windows Patch Assurance

This report helps verify the effectiveness of the client’s patch management program. The report uses scan data to detail which patches are missing on the network.

Asset Inventory Review

Includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process organized and presented into separate tabs in Excel for any use.

Common Controls Operational Procedures

These operating procedures are custom built and generated based on the policies that an organization has selected in Compliance Manager GRC Policy Builder. The generated policies and procedures document the procedures and controls that are to be implemented by the organization in order to meet IT Security and/or regulatory requirements. Each common control is mapped […]

Internal Vulnerability Scan Results

When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a comprehensive report is generated including identified security holes and warnings, and informational items including CVSS scores from VulScan’s point-of-view. The VulScan internal vulnerability scan operates behind the firewall to identify and expose real and potential vulnerabilities inside the […]

External Vulnerability Scan Results

When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a detailed report is generated showing security holes and warnings, informational items including CVSS scores as scanned by VulScan from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.