The tools you’ll find here are early-stage rough-and-ready prototypes. They’re not built for scale, compliance, or enterprise rollouts. Think of them more like sketches than blueprints - designed to get you thinking, not to run your core business on.
Each tool is focused, lightweight, and built to do one thing. They may be helpful for people newer to the GRC or the cyber risk space, looking to experiment, learn, and bring fresh thinking to their work.
All the tools listed below are working demos or in development. They’re here to explore ideas and start conversations - not to be production-ready, bulletproof solutions.
Need help writing better prompts for AI? This free tool is designed for cybersecurity, GRC, and tech professionals who want to get clearer, more effective answers from AI tools like ChatGPT.
AI Prompt Creator helps you build strong, structured prompts through a few quick, guided steps. Whether you’re writing a risk summary, designing a strategy, or doing research, this tool helps you get straight to the point.
AI Prompt Creator 1. Who is ChatGPT supposed to be? 2. What task or outcome should it focus on? 3. What context or inputs should it consider? 4. How should the response be structured? 5. Explain to me like I'm 25 years old. Generate Prompt 🔒 Your Privacy is Protected. This tool runs entirely in your browser. None of the information you enter is sent to our servers or stored remotely. All data processing is performed locally on your device, ensuring that your inputs remain private and secure. We do not collect, track, or retain any data you provide through this tool. You are in full control of your information. If you have any questions about how the tool works, please contact us before using this tool. ...
Instant Risk Universe Generator for Heads of Audit & Startup Boards Purpose This free browser-based tool helps new Heads of Internal Audit and fast-moving boards rapidly assess key business risks, and to determine what their risk universe will be. Whether you’re entering a new company or building governance from scratch, the Risk Radar gets you from zero to insight in 15 minutes—no installation, no data sharing.
Who This Is For New Heads of Internal Audit joining unfamiliar sectors or geographies Startup and scale-up boards looking to get a grip on risk without bureaucracy Governance leads needing quick wins to present to investors or regulators Key Features 1. Interactive Risk Diagnostic for Internal Audits and Board Reviews Short Q&A to assess business context (sector, tech, regulation) Output: Top 10 risks + tailored Risk Universe Based on standard risk categories (Strategic, Operational, Financial, etc.) Tailored for fast-paced startup environments Helps Boards meet governance best practices without hiring a full team Designed to support Internal Audit onboarding and strategic reviews 2. Import / Export Accepts: .json, .csv, .md (with YAML frontmatter) Export as: JSON (app state / reuse) Markdown (board-ready report) CSV (Excel-friendly) 3. Local Execution Entirely client-side: powered by Pyodide No data leaves the browser Optional localStorage persistence Stay Sharp on Startup Governance Subscribe to the Lines of Defence newsletter for more tools, playbooks, and no-nonsense advice for risk leaders and forward-thinking boards.
...
Overview of the Tool When working with suppliers and other third parties, it’s essential to understand the security controls they have in place. These partners can introduce significant risk if their cyber posture is weak - and in large organisations, there’s usually a patchwork of onboarding, procurement, risk, and IT processes trying to keep it all in check.
One key step in onboarding a third party is performing supplier due diligence. That often includes an information security assessment to get a sense of how well the supplier is managing threats, vulnerabilities, and data protection, and your goal is really to establish that they’re doing things as well as you are. In some cases you may even learn some good practice from them.
...