Resources
This resource library includes practical cybersecurity templates designed to help businesses strengthen their security posture, document internal processes, and meet compliance standards. Select a template below to view and download.
Vendor Risk Assessment Template
The purpose of this template is to help assess the risk third-party vendors pose to your organisation’s cybersecurity posture.
Vendor Information
| Vendor Name | [Insert Name] |
|---|---|
| Contact Person | [Insert Name] |
| Services Provided | [Insert Services] |
| Data/Systems Accessed | [Insert Details] |
Assessment Summary
| Assessment Date | [Insert Date] |
|---|---|
| Assessor Name | [Insert Name] |
| Risk Level | [High / Medium / Low] |
Security Practices Checklist
| Practice | Implemented? |
|---|---|
| Documented security policy | Yes / No |
| Multi-factor authentication | Yes / No |
| Regular vulnerability scans | Yes / No |
| Incident response plan | Yes / No |
| Encryption of sensitive data | Yes / No |
Risk Rating
| Criteria | Rating |
|---|---|
| Likelihood | High / Medium / Low |
| Impact | High / Medium / Low |
| Overall Risk | High / Medium / Low |
Comments & Recommendations
Summarise any concerns identified during the assessment. Provide recommendations to mitigate risk and improve the vendor’s security posture. List any follow-up actions required or documents needed.
Security Awareness Training Log Template
This training log helps maintain compliance with cybersecurity standards and ensures staff understand current threats, secure practices, and reporting procedures.
Training Record Table
| Name | [Insert Name] |
|---|---|
| Department | [Insert Department] |
| Training Topic | [Insert Topic] |
| Delivery Method | [e.g., In-person, Online, Hybrid] |
| Trainer/Facilitator | [Insert Name] |
| Date of Completion | [Insert Date] |
| Quiz/Assessment Score | [Insert Score] |
| Acknowledgment Received? | [Yes / No] |
| Comments | [Any relevant notes or feedback] |
Incident Response Template
Use this template to help guide your organisation’s response to cybersecurity incidents in a structured and timely manner.
Incident Overview
- Date Detected:
- Reporter Name/Dept:
- Impacted System(s):
- Incident Type: e.g. Malware, Ransomware, Phishing
Impact & Scope
- Severity Level: High / Medium / Low
- Scope Description: Affected systems or users
- Potential Consequences: e.g. data loss, downtime
Containment Strategy
| Action Taken | Completed? |
|---|---|
| System isolated | Yes/No |
| Malware removed | Yes/No |
| External access blocked | Yes/No |
Eradication & Recovery
Describe what was done to fix and restore systems.
- Root Cause Identified: Yes / No
- Systems Restored: List specifics
- Patches Applied: Where applicable
Communication Record
Log internal and external updates.
- Team Alerts Issued: Yes / No
- External Reporting (DPC, Garda): Required?
Post-Incident Analysis
- What worked well?
- What needs improvement?
- Recommended policy or tech updates:
Access Control Policy Template
This Access Control Policy outlines how to manage user access to systems, applications, and data. The goal is to ensure that access is granted only to authorised users based on business needs and job responsibilities.
Purpose
To protect information assets by ensuring appropriate access controls are in place across all systems and services.
Scope
This policy applies to all employees, contractors, and third parties who require access to company resources.
Policy Statements
- Least Privilege: Users are granted the minimum access necessary to perform their job.
- Role-Based Access Control: Access rights are assigned based on defined job roles.
- Authentication: Strong passwords or MFA are required for access to critical systems.
- Access Reviews: Access rights must be reviewed quarterly and removed immediately when no longer needed.
- Privileged Accounts: Admin/root access is restricted and monitored.
Roles and Responsibilities
| Role | Responsibility |
|---|---|
| IT Admins | Assign access rights and monitor usage |
| HR Department | Notify IT of staff changes |
| Managers | Approve or revoke user access |
| All Users | Use access responsibly and report issues |
Access Request Procedure
- Submit access request form to IT
- Manager approval required
- IT assigns appropriate access
- Confirmation sent to requester
Termination of Access
Access is revoked on the employee’s last working day. Temporary accounts are reviewed monthly.
Monitoring
System logs are reviewed regularly to detect unauthorised access or anomalies.
Review & Approval
| Review Date | [Insert date] |
|---|---|
| Next Review | [Insert date] |
| Approved by | [Insert name] |
Data Breach Notification Template
This template helps your organisation formally document and notify stakeholders of a data breach, in line with GDPR and industry best practices.
Breach Summary
- Date of Discovery: [Insert date]
- Date of Breach (if different): [Insert date]
- Detected By: [Insert name or department]
- Nature of Breach: [e.g. Unauthorised access, ransomware, lost device]
Affected Data Types
| Type of Data | Description | Impact Severity |
|---|---|---|
| e.g. Names | Full names of clients | High |
| e.g. Emails | Customer email addresses | Medium |
| e.g. Passwords | Encrypted passwords | High |
Affected Parties
- Internal staff: Yes/No
- External clients/customers: Yes/No
- Third-party vendors: Yes/No
- Estimated number of affected individuals: [Insert number]
Breach Details
How it occurred:
[Describe how the breach happened – e.g. phishing attack, server misconfiguration, stolen device]
Systems or services affected:
[List affected servers, services, or systems]
Duration of breach:
[Insert timeframe — e.g. between 3 July 2025 and 5 July 2025]
Immediate Response
- Incident response team activated: Yes/No
- Systems isolated or taken offline: [Insert details]
- DPC (Data Protection Commission) notified: Yes/No
- Stakeholders informed: Yes/No
Actions Taken
- Passwords reset for affected accounts?
- Security patches applied?
- Logs reviewed for indicators of compromise?
- Backup restoration (if applicable)?
- Press or public statement drafted?
- Notification emails sent to users?
- Legal counsel consulted?
Notification Email to Users
Subject: Important Notice: Data Breach Notification
Dear [User’s Name],
We are writing to inform you that your personal data may have been compromised in a recent security incident. The breach occurred on [date] and may have included [types of data].
We have taken immediate steps to address the issue and prevent recurrence. We recommend resetting your password and remaining vigilant for suspicious activity.
If you have any questions or concerns, please contact our support team at [email/phone].
Sincerely,
[Your Company Name]
Cyber Risk Assessment Template
This template will help evaluate specific assets, systems, or processes for risk exposure and plan mitigations.
Scope of Assessment
| Asset or Process Name | [Insert name] |
|---|---|
| Owner/Manager | [Insert person or team] |
| Function/Value | Brief description of its business role |
Threat & Vulnerability
| Threat Description | What could go wrong? |
|---|---|
| Vulnerability | Weakness that could be exploited |
Impact Area
| Impact Area | Consequence Description |
|---|---|
| Confidentiality | [Describe impact] |
| Integrity | [Describe impact] |
| Availability | [Describe impact] |
Risk Treatment Plan
| Current Controls | What’s in place already |
|---|---|
| Proposed Actions | New controls or steps needed |
Review & Follow-up
| Next Scheduled Review | [Date] |
|---|---|
| Review Assigned To | [Name or team] |
Internal Cybersecurity Review
This internal cybersecurity review assesses the current state of our organisation’s security posture across systems, networks, and staff practices. It aims to identify strengths, weaknesses, and areas for improvement.
Review Details
| Review Date | 1/1/25 |
|---|---|
| Review Author | Tom Smith |
| Department | IT |
| Review Frequency | Quarterly |
| Scope | Network, System Policies |
Current Security Controls
| Control Type | Implemented? | Comments |
|---|---|---|
| Antivirus | Yes/No | [Details] |
| Firewalls | Yes/No | [Details] |
| Patch Management | Yes/No | [Details] |
| Access Control | Yes/No | [Details] |
| Encryption | Yes/No | [Details] |
Policy Compliance
| Policy Area | Compliant | Notes |
|---|---|---|
| Acceptable Use Policy | Yes/No | – |
| Password Management Policy | Yes/No | – |
| BYOD Policy | Yes/No | – |
| Remote Work Policy | Yes/No | – |
Incidents and Findings
- Brief summary of any security incidents
- Root causes or contributing factors
- Lessons learned and remediation steps taken
Recommendations
Insert 2–3 tailored recommendations based on findings
Asset Register Template
The purpose of this template is to maintain a complete, up-to-date list of IT assets used within the organisation. This helps with auditing, incident response, and security compliance.
| Asset ID | |
|---|---|
| Type | Laptop / Server / etc. |
| Make/Model | |
| Serial Number | |
| Assigned Employee | |
| Department | |
| Location | |
| Date Acquired | |
| Warranty Expiry Date | |
| Status | In Use / Retired |
| Encrypted? | Yes/No |
| Antivirus Installed? | Yes/No |
| Included in Audit? | Yes/No |
Consider reviewing this register quarterly and flagging assets due for refresh, decommission, or policy update.
Patch Management Log Template
Keeping track of updates is critical to prevent vulnerabilities and ensure system stability. Use this log to document all patches applied across your infrastructure.
| System Name | e.g. Server01 |
|---|---|
| Operating System | e.g. Windows 10 |
| Patch ID | Unique vendor identifier |
| Description | Brief description of what the patch addresses |
| Date Released | Vendor release date |
| Date Applied | Date patch was installed |
| Responsible | Person/team responsible |
| Reboot Required? | Yes/No |
| Post-Install Notes | Notes, issues, or verification steps |
Fill out this log after each patching activity. Save logs in a secure shared folder and review regularly to ensure systems remain consistently patched.