GLBA, NYDFS Part 500, CCPA/CPRA, and NIST framework tools for banks, credit unions, insurance companies, broker-dealers, RIAs, and fintechs. Free downloads. No paywalls. Built by senior practitioners for the compliance and security officers who have to implement these frameworks under audit pressure.
Find the right resource for your entity type below. Every download goes directly to your work email.
Cross-framework control matrices that let you map GLBA, NIST, NYDFS, and CCPA obligations simultaneously. Start here if you answer to multiple frameworks.
A single cross-framework control matrix that maps GLBA Safeguards Rule, NIST CSF 2.0, NYDFS Part 500, and CCPA/CPRA requirements side by side — document once, satisfy four frameworks.
Maps the NIST AI Risk Management Framework Govern/Map/Measure/Manage functions directly onto financial services model risk and AI governance obligations — practical, examiner-facing guidance.
Each financial institution type carries different charter obligations and regulatory expectations. Download the workbook built for your entity class.
A complete Information Security Program template for FDIC- and NCUA-supervised institutions, aligned to the GLBA Safeguards Rule final rule requirements for written ISPs.
A compliance guide for insurance carriers and agencies navigating both the GLBA Safeguards Rule and NYDFS Part 500 cybersecurity regulation — including the overlap and the gaps between them.
A compliance workbook covering the GLBA Safeguards Rule, the 2024 SEC Reg S-P amendments, and FINRA cybersecurity expectations for broker-dealer customer data protection programs.
A combined compliance guide for investment advisers covering GLBA obligations, the 2024 Reg S-P cybersecurity amendments, and SEC exam expectations for AI systems used in advisory functions.
A GLBA compliance workbook for non-bank financial institutions and fintechs — covering which entities are covered, what a compliant ISP requires, and how to satisfy the Safeguards Rule without a legacy bank compliance team.
The workbooks above are self-serve. When you are ready for a senior-led engagement, each financial-institution type has a dedicated AI governance page mapped to the regulators that examine it.
New York Department of Financial Services Part 500 and Part 23 (BitLicense) compliance workbooks for NY-licensed entities navigating the most demanding state cybersecurity regime in the US.
The most complete Part 500 compliance workbook available: a section-by-section gap assessment covering all 23 NYCRR Part 500 requirements, mapped to evidence expectations for DFS examiners.
A ready-to-use template for the NYDFS-required CISO annual report and board certification under 23 NYCRR Part 500.17 — covering the required attestation language and the supporting evidence structure.
A cybersecurity compliance workbook for BitLicense holders and virtual currency businesses, mapping NYDFS Part 23 cybersecurity requirements alongside Part 500 and the unique obligations of crypto-native financial entities.
Tools that cut across regulatory frameworks: a GLBA/CCPA privacy navigator and a regulatory deadline tracker for the compliance calendar every CCO and GC needs.
A side-by-side navigator for financial institutions subject to both GLBA and CCPA/CPRA — mapping the partial CCPA exemption, where it applies, where it does not, and what your privacy program must cover under both regimes.
Every material GLBA, NYDFS Part 500, CCPA/CPRA, Reg S-P, and related finserv cybersecurity and privacy deadline from 2023 through 2026 — with compliance status, effective dates, and transition guidance in one tracker.
Need help implementing these frameworks? A senior practitioner — not a junior analyst — scopes a fixed-fee readiness engagement on a 30-minute call. No pitch, just a clear picture of where you stand and what to fix first.