Enabling Trust for Two Decades


Compliance Toolkits, Gap Analysis Tools & GRC Templates | Seven Step Consulting Shop

Stop Managing Compliance.
Start Owning It.

Practitioner-built toolkits, GRC frameworks, cybersecurity playbooks, and training resources, forged over two decades and battle-tested across 200+ organisations in 20+ countries.

Most compliance programmes fail not from lack of effort, but from the wrong foundation. Generic templates, misapplied frameworks, and rushed certifications create the illusion of readiness, until an audit, a breach, or a regulator proves otherwise.

Our Compliance & Trust Shop is different. Every resource here was built by practitioners who have implemented these frameworks on the ground: across startups chasing their first ISO 27001 certification, mid-market firms navigating DPDP or SEBI mandates, and enterprise CISOs hardening supply chain risk programmes.

You get documentation that works. Frameworks that fit. Training that sticks.

20+ Years of consulting experience

200+ Organisations served globally

20+ Countries deployed

100% Certification success rate

THE SEVEN STEPS — Navigation Framework

Every resource in this shop maps to one of seven progressive steps. You can start anywhere — but the steps are designed to build on each other.

Step | Name | What It Solves | Formats Available
Step 1 | The Foundation Audit | Know your exact compliance posture before spending anything | Free assessments, scorecards, checklists
Step 2 | The Framework Build | Turn regulatory requirements into executable documentation | ISO & regulatory implementation toolkits
Step 3 | The Security Core | Build operational security habits your team actually follows | Cybersecurity playbooks, incident response templates
Step 4 | The Stress Test | Find your blind spots before an auditor or attacker does | Gap analysis tools, audit diagnostics, risk scorecards
Step 5 | The Boardroom Brief | Translate technical compliance into leadership decisions | Executive decks, board packs, governance handbooks
Step 6 | The Ecosystem Shield | Extend compliance across vendors, partners, and supply chain | TPRM frameworks, vendor questionnaires, white-label packs
Step 7 | The Assurance Engine | Move from manual tracking to continuous compliance | TCF Solutions Suite (coming soon)

WHO USES THE SEVEN STEP SHOP

Buyer Profile | Their Problem | What They Buy
SMBs pursuing first ISO 27001 certification or SOC 2 report | No documentation, no idea where to start, can't afford a full consultant | Gap Analysis Tool + ISO 27001 Implementation Toolkit
Internal compliance and audit teams | Audit cycle is slow, templates built from scratch each time | Gap analysis tools, audit checklists, risk scorecards
CISOs and Chief Risk Officers | Board doesn't understand security risk; no exec-ready reporting | Executive board packs, governance handbooks, risk dashboards
Cybersecurity and GRC consultants | Building client templates from scratch wastes billable hours | White-label documentation packs, ISO toolkits, playbook bundles
HR and training managers | Staff don't understand data protection or cybersecurity obligations | GDPR awareness training, ISO 27001 e-learning, AI awareness modules
Startups handling sensitive data | Customers and investors demand compliance proof, fast | GDPR toolkit, SOC 2 toolkit, HIPAA compliance documentation

WHY THIS SHOP IS DIFFERENT

Every resource is built from real implementation experience — not from reading the standard and reverse-engineering a template. Our consultants have led more than 200 audits, certification projects, and compliance implementations across banking, healthcare, SaaS, manufacturing, and government sectors.

What Most Template Shops Offer | What Seven Step Delivers
Generic checklists written from the standard | Practitioner-built from real audit and certification engagements
Static templates with no usage guidance | Every document includes implementation guidance notes and pre-filled examples
No upgrade path when you need more help | Direct upgrade to Seven Step Consulting advisory services, delivered by the same practitioners
One-size-fits-all formats | Toolkits structured for both small teams and enterprise compliance programmes
No framework alignment notes | Explicit alignment to ISO 27001:2022, ISO 42001:2023, and current regulatory versions

The Foundation Audit: Free Compliance & Risk Starter Kit

Know Exactly Where You Stand — Before You Spend Anything

Most compliance programmes fail not because the organisation lacks resources — but because they start in the wrong place. The Foundation Kit gives you a precise, prioritised view of your compliance posture before you invest in toolkits, consultants, or platforms.

Every resource below is free. No credit card. No trial. No catch.

Free Resource | What It Does | Applicable Frameworks
ISO 27001 Readiness Checklist | Assesses your ISMS readiness across Clauses 4–10 and Annex A controls; identifies your biggest gaps in under 30 minutes | ISO 27001:2022
DPDP Act Starter Kit | India-specific digital personal data protection compliance baseline: data inventory template, consent checklist, and processing activity register | DPDP Act 2023
Internal Audit Programme Template | A structured 12-month audit schedule template with audit criteria, sampling guidance, and findings tracker | ISO 27001, ISO 9001, ISO 22301
Vendor Security Due Diligence Form | A 25-question security questionnaire for assessing third-party vendor risk; covers access controls, data handling, and incident response | ISO 27001 Annex A 5.19, SOC 2 CC9
Privacy Impact Assessment (PIA) Template | A structured DPIA/PIA template for assessing privacy risks in new projects and processing activities | GDPR Article 35, DPDP Act
Business Impact Analysis (BIA) Template | Identifies critical business functions and their recovery time objectives, the foundation of any business continuity plan | ISO 22301
SOC 2 Controls Framework Spreadsheet | Maps SOC 2 Trust Services Criteria to your existing controls; shows your starting coverage position | SOC 2 (AICPA TSC)
Continuous Improvement Register | A structured log for tracking nonconformities, corrective actions, and improvement opportunities across any management system | ISO 27001 Clause 10, ISO 9001 Clause 10
Policy Development Toolkit | A starter template for drafting your Information Security Policy, Acceptable Use Policy, and Data Protection Policy | ISO 27001, GDPR, HIPAA
Cybersecurity Awareness Posters | Print-ready A3 posters covering phishing, password security, data handling, and social engineering, for office and digital use | General cybersecurity awareness
GDPR & Data Protection Posters | Visual summaries of GDPR rights, lawful basis for processing, and breach reporting obligations | GDPR, UK GDPR, DPDP

Want all free resources in one download? Get the complete Seven Step Foundation Kit — every checklist, template, scorecard, and poster in a single ZIP file. Enter your email to receive it instantly.

Who should start with the Foundation Kit?

Any organisation that has not yet conducted a formal compliance gap assessment should start here. This includes startups beginning their ISO 27001 or SOC 2 journey, organisations responding to a new regulatory requirement such as the DPDP Act or DORA, and internal audit teams setting up their programme for the first time.

Gap Analysis Tools

Gap Analysis Tools — Know Your Compliance Gaps Before the Auditor Does

Achieving certification or regulatory compliance starts with an accurate picture of where you stand. Our gap analysis tools are built from real audit experience — not reverse-engineered from the standard. Each tool gives you a measurable, prioritised view of your compliance gaps so you know exactly what to fix first.

ISO 27001:2022 Gap Analysis Tool

Identify exactly what stands between your organisation and ISO 27001:2022 certification — without hiring a consultant for a scoping exercise.

This Excel-based assessment tool maps your current information security posture against ISO/IEC 27001:2022 Clauses 4–10 and all 93 Annex A controls aligned to ISO/IEC 27002:2022. The automated dashboard tells you your compliance percentage by clause and control category — so you can build a prioritised implementation plan on day one.

What the Tool Covers

Assessment Area | Coverage
Clauses 4–10 (Context, Leadership, Planning, Support, Operation, Evaluation, Improvement) | All mandatory requirements; 80+ structured assessment questions
Annex A Controls, Organisational (37 controls) | Policies, roles, threat intelligence, asset management, supplier security, incident management
Annex A Controls, People (8 controls) | Screening, terms of employment, training, disciplinary process, remote working
Annex A Controls, Physical (14 controls) | Perimeter security, equipment security, clear desk policy, media disposal
Annex A Controls, Technological (34 controls) | Access control, cryptography, malware protection, logging, vulnerability management, backup

What You Get

  • Clause-by-clause assessment questionnaire with scoring
  • Control maturity rating (Not Implemented / Partial / Implemented / Optimised)
  • Automated executive dashboard — compliance percentage by clause and control theme
  • Gap identification with built-in recommendations for each control gap
  • Evidence and policy mapping columns — link existing documents to controls
  • Action planning worksheet — assign owners, due dates, and priority ratings

Starter

Self-assessment only

₹9,999 / $129

Professional

Most popular

₹24,999 / $299

Enterprise

Done-with-you

₹89,999 / $1,099

Is this tool suitable for organisations that have never started an ISMS?

Yes. This is the ideal starting point. The tool guides you through each requirement systematically and does not assume any existing documentation or prior ISMS work. Most organisations complete the initial assessment in 2–4 hours.

ISO 27701:2019 Gap Analysis Toolkit

If your organisation is already aligned with ISO 27001 and needs to extend into privacy — ISO 27701 is the certification framework. This toolkit maps every gap between your existing ISMS controls and the additional requirements of ISO/IEC 27701:2019.

What the Toolkit Covers

  • All ISO 27701 extension clauses mapped to the ISO 27001 framework
  • Separate assessment tracks for data controllers and data processors
  • Privacy governance, accountability, data subject rights, and privacy controls
  • GDPR and DPDP Act alignment annotations on each control
  • Colour-coded compliance dashboard — critical gaps / partial gaps / compliant areas
  • Executive summary table for board and steering committee reporting

Starter

Self-assessment only

₹12,999 / $159

Professional

Most popular

₹34,999 / $429

Enterprise

Done-with-you

₹1,09,999 / $1,349

GDPR Gap Analysis Toolkit

GDPR compliance is not a checkbox exercise — it is a continuous programme covering lawful basis, consent management, data subject rights, privacy by design, and breach response. This toolkit gives you an objective, measurable starting point.

What Makes This Toolkit Different

  • Proprietary RADAR™ Scoring Model: category-wise maturity scoring with visual radar chart
  • 84 structured assessment questions across 10 GDPR compliance domains
  • Red alert system — automatically flags critical compliance gaps requiring immediate action
  • Context-aware assessment — adjusts based on your organisation type and data processing activities
  • Evidence capture columns — document existing practices for audit trail
  • Integrated remediation planning — assign actions, owners, and target dates

10 GDPR Compliance Domains Assessed

Domain | Key Controls Assessed
Lawful Basis & Consent | Consent management, legitimate interest assessments, consent records
Data Subject Rights | DSAR process, erasure, portability, restriction, objection handling
Data Protection by Design | Privacy impact assessments, data minimisation, pseudonymisation
Data Mapping & ROPA | Record of Processing Activities, data flows, cross-border transfers
Vendor & Processor Management | DPA agreements, processor assessments, sub-processor controls
Incident & Breach Management | Breach detection, 72-hour notification, breach log maintenance
Governance & Accountability | DPO appointment, privacy policies, staff training, records
International Transfers | Standard Contractual Clauses, adequacy decisions, transfer impact assessments
Children's Data & Special Categories | Enhanced protections, consent mechanisms, additional safeguards
Monitoring & Continuous Improvement | Review cycles, policy updates, staff awareness effectiveness

Starter

Gap assessment only

₹19,999 / $249

Professional

Most popular

₹59,999 / $749

Enterprise

Done-with-you

₹1,99,999 / $2,499

Business Continuity & Resilience Gap Analysis Toolkit

Most organisations believe they are prepared for disruption — until a disruption exposes their gaps. This toolkit assesses your business continuity maturity against ISO 22301 and gives you a prioritised remediation plan before the incident — not after.

What the toolkit covers

  • Business continuity maturity assessment aligned to ISO 22301:2019
  • Risk management and Business Impact Analysis (BIA) readiness
  • Recovery planning — Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
  • Testing and exercise programme evaluation
  • Executive resilience dashboard with colour-coded maturity levels
  • Action planning framework with gap closure tracking

Starter

₹19,999 / $249

Professional

Most popular

₹54,999 / $699

Enterprise

Done-with-you

₹1,49,999 / $1,849

DORA Gap Analysis Toolkit

The EU Digital Operational Resilience Act (DORA) applies from 17 January 2025 to financial entities and their critical ICT third-party providers. This toolkit assesses your compliance posture across all five DORA pillars and produces an auditable gap report.

Five DORA Pillars Assessed

DORA Pillar | What It Requires | Assessment Coverage
ICT Risk Management | Comprehensive ICT risk governance framework | Policies, governance, risk frameworks, asset management
ICT Incident Reporting | Classification and regulatory reporting of major ICT incidents | Detection, classification, 4-hour initial report, root cause analysis
Digital Operational Resilience Testing | Regular TLPT (Threat-Led Penetration Testing) and resilience testing | Testing programme, TLPT readiness, scenario-based testing
ICT Third-Party Risk | Robust oversight of critical ICT third-party service providers | Vendor registers, contractual requirements, exit strategies
Information Sharing | Voluntary threat intelligence sharing arrangements | Sharing participation, protocols, legal framework

Starter

₹24,999 / $299

Professional

Most popular

₹74,999 / $899

Enterprise

Done-with-you

₹2,49,999 / $2,999

ISO 9001:2015 Quality Management Gap Analysis Toolkit

ISO 9001:2015 certification demonstrates a consistent ability to deliver products and services that meet customer and regulatory requirements. This toolkit assesses your Quality Management System across all 10 clauses and generates a clear roadmap to certification.

What the Toolkit Covers

  • All ISO 9001:2015 clauses — Context, Leadership, Planning, Support, Operation, Evaluation, Improvement
  • Customer focus and satisfaction measurement controls
  • Process approach and risk-based thinking assessment
  • Document and records control evaluation
  • Nonconformity and corrective action programme assessment
  • Automated compliance dashboard by clause with maturity ratings

Starter

₹9,999 / $129

Professional

Most popular

₹29,999 / $369

Enterprise

Done-with-you

₹99,999 / $1,249

ISO & Regulatory Implementation Toolkits — Turn Standards into Executable Plans

Implementation toolkits replace months of policy writing with audit-ready documentation that reflects real-world compliance programmes. Every toolkit is built by practitioners who have delivered the certification — not written from the standard alone.

ISO 27001:2022 Implementation Toolkit

The complete documentation library for achieving ISO 27001:2022 certification. Replaces months of policy writing with audit-ready templates that a qualified lead implementer would produce — structured for the actual certification audit.

Document Category | Documents Included
ISMS Foundation Documents | Information Security Policy, ISMS Scope Statement, Context of the Organisation worksheet, Interested Parties Register
Risk Management | Information Security Risk Assessment procedure, Risk Treatment Plan, Risk Register (Excel), Risk Acceptance criteria
Statement of Applicability | Pre-populated SoA template mapping all 93 Annex A controls with applicability justifications and implementation status
Leadership & Governance | Roles and Responsibilities matrix, Management Review agenda and minutes template, ISMS Objectives tracker
Operational Controls | Asset Inventory, Access Control Policy, Cryptography Policy, Physical Security Policy, Incident Response Policy & Procedure
Supplier & Third Party | Supplier Security Policy, Vendor Assessment Questionnaire, Supplier Agreement clauses, Supplier Performance Review template
Monitoring & Audit | Internal Audit Programme, Audit Checklist (Clauses 4–10 + Annex A), Nonconformity and Corrective Action Register
Business Continuity | Business Continuity Policy, BIA template, Business Continuity Plan, IT Disaster Recovery Plan
Training & Awareness | Staff Awareness Training presentation, Training Records register, Competence assessment template

Starter

Core documentation

₹34,999 / $429

Professional

Most popular — full toolkit

₹79,999 / $979

Enterprise

Done-with-you

₹2,49,999 / $2,999

ISO 9001:2015 Quality Management System Toolkit

The complete documentation library for achieving ISO 9001:2015 certification. Replaces months of procedure and manual writing with audit-ready templates that a qualified lead implementer would produce, structured for the actual certification audit.

What's Included

  • Quality Policy, Quality Manual, and QMS Scope documentation
  • Process documentation templates — input, output, risk, and opportunity mapping
  • Customer satisfaction measurement and feedback procedures
  • Nonconformity and corrective action procedure and register
  • Internal audit programme, checklists, and findings tracker
  • Management review agenda, minutes, and performance reporting templates
  • Document and records control procedure

Starter

₹24,999 / $299

Professional

Most popular — full toolkit

₹59,999 / $729

Enterprise

Done-with-you

₹1,79,999 / $2,199

ISO 22301:2019 Business Continuity Management Toolkit

Everything an organisation needs to implement, document, and achieve ISO 22301 certification — from initial Business Impact Analysis through to BCP testing and certification audit preparation.

What's Included

  • Business Continuity Policy and BCMS Scope Statement
  • Business Impact Analysis (BIA) methodology and workbook
  • Business Continuity Risk Assessment and Risk Treatment Plan
  • Business Continuity Plans (BCPs) — modular template for critical functions
  • IT Disaster Recovery Plan template with RTO/RPO matrices
  • Crisis Communication Plan and stakeholder notification templates
  • BC exercise design templates — tabletop, walkthrough, and full simulation
  • Management review template, internal audit checklist, and improvement register

Starter

₹29,999 / $369

Professional

Most popular — full toolkit

₹74,999 / $919

Enterprise

Done-with-you

₹2,24,999 / $2,749

ISO 27701:2019 Privacy Information Management Toolkit

ISO 27701 extends ISO 27001 to cover privacy information management — making it the certification framework for organisations demonstrating GDPR, DPDP Act, and global privacy compliance. This toolkit provides the additional documentation required beyond your existing ISMS.

What's Included

  • Privacy Information Management System (PIMS) Policy and scope extension
  • Data Controller obligations documentation (ISO 27701 Clause 7 requirements and Annex A controls)
  • Data Processor obligations documentation (ISO 27701 Clause 8 requirements and Annex B controls)
  • Privacy Notice and Consent Management templates
  • Data Subject Access Request (DSAR) procedure and tracking register
  • Data Protection Impact Assessment (DPIA) procedure and template
  • Record of Processing Activities (ROPA) — structured Excel workbook
  • Cross-border data transfer assessment template

Starter

₹24,999 / $299

Professional

Most popular — full toolkit

₹64,999 / $799

Enterprise

Done-with-you

₹1,99,999 / $2,449

ISO 42001:2023 AI Management System (AIMS) Toolkit

ISO 42001:2023 is the world’s first AI management system standard — providing a framework for responsible development, deployment, and oversight of AI systems. As regulators accelerate AI governance requirements globally, this certification is becoming a competitive requirement for AI-enabled organisations.

What's Included

  • AI Management System (AIMS) Policy and scope documentation
  • AI Risk Assessment procedure and AI-specific risk register
  • AI Impact Assessment template — covering fairness, bias, transparency, and explainability
  • Roles and responsibilities for AI governance (AI Ethics Committee, AI Risk Owner, AI Developer)
  • AI Supplier and third-party assessment questionnaire
  • AI Incident and adverse event management procedure
  • Responsible AI principles documentation and deployment checklist
  • Internal audit checklist for ISO 42001 clauses and Annex A controls

Starter

₹29,999 / $369

Professional

Most popular

₹79,999 / $979

Enterprise

Done-with-you

₹2,49,999 / $3,049

SOC 2 Compliance Toolkit (Trust Services Criteria)

SOC 2 is the de facto assurance standard for SaaS companies, cloud service providers, and technology businesses serving US enterprise customers. It is an attestation report issued by a licensed CPA firm against the AICPA Trust Services Criteria, not a certification. This toolkit gives you the policy documentation, control evidence templates, and audit preparation materials for both Type I (control design at a point in time) and Type II (operating effectiveness over a review period) readiness.

Trust Services Criteria | Documents Included
CC, Common Criteria (Security) | Information Security Policy, Access Control Policy, Encryption Policy, Change Management Procedure, Incident Response Plan
A, Availability | System Availability Policy, Disaster Recovery Plan, Monitoring and Alerting Procedure, Capacity Management
C, Confidentiality | Confidentiality Policy, Data Classification Policy, Non-Disclosure Agreement template, Sensitive Data Handling Procedure
PI, Processing Integrity | Input Validation Policy, Error Handling Procedure, Quality Assurance Checklist
P, Privacy | Privacy Notice, Consent Management Procedure, Data Retention Policy, DSAR Procedure

Starter

₹34,999 / $429

Professional

Most popular

₹89,999 / $1,099

Enterprise

Done-with-you

₹2,99,999 / $3,649

HIPAA Compliance Toolkit (2026 Edition — Incorporating 2025 HHS OCR Updates)

Updated for the HHS OCR Notice of Proposed Rulemaking (NPRM) published in January 2025, which proposes amendments to the HIPAA Security Rule, this toolkit covers the documentation and policy requirements for covered entities and business associates operating under HIPAA.

What's Included

  • HIPAA Security Rule policies — Administrative, Physical, and Technical Safeguards
  • HIPAA Privacy Rule — Minimum Necessary standard, PHI handling, authorisation templates
  • Breach Notification procedure and breach risk assessment worksheet
  • Business Associate Agreement (BAA) template — 2025 edition
  • HIPAA Risk Analysis methodology and Risk Management Plan template
  • Workforce training programme outline and acknowledgement records
  • Incident response procedure for PHI breaches
  • 2025 HHS OCR NPRM readiness checklist, covering the proposed 72-hour restoration requirement for critical systems and data and the proposed enhanced security safeguards

Starter

₹24,999 / $299

Professional

Most popular

₹64,999 / $799

Enterprise

Done-with-you

₹1,99,999 / $2,449

GDPR Compliance Toolkit (GDPR, UK GDPR & EU Data Act)

Complete documentation for GDPR compliance — covering the EU General Data Protection Regulation, UK GDPR (post-Brexit), and alignment with the EU Data Act. Suitable for data controllers and data processors in any jurisdiction handling EU or UK personal data.

What's Included

  • Privacy Policy template (GDPR-compliant, fully editable)
  • Data Protection Policy — internal governance document
  • Data Retention Policy and data lifecycle management schedule
  • Record of Processing Activities (ROPA) — structured Excel workbook
  • Data Subject Access Request (DSAR) procedure, template, and response tracker
  • Breach notification workflow — 72-hour reporting procedure for EU and UK supervisory authorities
  • Consent management templates — granular and specific consent records
  • Legitimate Interest Assessment (LIA) template
  • Data Protection Impact Assessment (DPIA) procedure and template
  • Vendor Data Processing Agreement (DPA) template — controller-to-processor
  • Standard Contractual Clauses (SCCs) implementation guidance — EU 2021 and UK IDTA

Starter

₹19,999 / $249

Professional

Most popular

₹64,999 / $799

Enterprise

Done-with-you

₹1,99,999 / $2,449

DPDP Act 2023 Compliance Toolkit (Digital Personal Data Protection Act — India)

India’s Digital Personal Data Protection Act 2023 (DPDP Act) creates significant new obligations for Data Fiduciaries processing personal data of Indian residents. This toolkit provides the documentation framework for DPDP Act compliance — built for Indian organisations and global companies with India operations.

What's Included

  • Privacy Notice template — DPDP Act compliant, in plain language
  • Consent Management Framework — purpose-specific consent collection and records
  • Data Fiduciary obligations register — all duties under Section 8
  • Data Principal rights procedure — access, correction, erasure, and grievance redressal
  • Data Localisation assessment template
  • Cross-border transfer assessment — notified countries and conditions
  • Significant Data Fiduciary (SDF) obligations checklist
  • Data Protection Board complaint response procedure template
  • Third-party data processor and consent partner assessment template

Starter

₹14,999 / $179

Professional

Most popular

₹1,49,999 / $1,849

Enterprise

Done-with-you

₹1,49,999 / $1,849

PCI DSS v4.0 Compliance Toolkit

PCI DSS v4.0 (effective April 2024) introduces significant new requirements for cardholder data environment controls, authentication, and vulnerability management. This toolkit provides the policy documentation and compliance evidence templates for merchants and service providers at all merchant levels.

What's Included

  • PCI DSS v4.0 Cardholder Data Environment (CDE) scoping worksheet
  • Network segmentation controls documentation and review checklist
  • 12 PCI DSS requirements policy templates — firewall, access control, encryption, monitoring
  • Self-Assessment Questionnaire (SAQ) preparation guides — SAQ A, A-EP, B, B-IP, C, D
  • Penetration testing scope and requirements template
  • Vulnerability management programme procedure
  • Incident response plan — payment card data breach response
  • PCI DSS v4.0 new requirements readiness checklist (Customised Approach and Targeted Risk Analysis)

Starter

₹19,999 / $249

Professional

Most popular

₹54,999 / $679

Enterprise

Done-with-you

₹1,74,999 / $2,149

Staff Awareness Training & E-Learning — Build a Culture of Compliance

Technical controls and documentation alone do not prevent breaches. The majority of security incidents involve a human action: phishing clicks, misconfigured systems, or data handling errors. These training programmes build the behaviour change that makes your controls effective. All programmes are delivered as editable PowerPoint (PPTX) presentations with facilitator notes, knowledge check questions, and completion acknowledgement forms. SCORM packages are available for LMS integration on request.

Programme | Duration | Target Audience | Frameworks Covered
ISO 27001 Staff Awareness | 45–60 min | All staff, IT teams, management | ISO 27001:2022, ISO/IEC 27002:2022
GDPR & Data Protection Awareness | 45 min | All staff handling personal data | GDPR, UK GDPR, DPDP Act
PCI DSS Staff Awareness | 30–45 min | Finance, payment processing, retail staff | PCI DSS v4.0
Business Continuity Awareness | 30 min | All staff, BCP team members | ISO 22301:2019
Artificial Intelligence (AI) Awareness | 45–60 min | All staff, management, AI project teams | ISO 42001:2023, EU AI Act
ISO 9001 Quality Awareness | 30 min | Operations, production, customer service | ISO 9001:2015
Cybersecurity Fundamentals | 45–60 min | All staff, no technical knowledge assumed | NIST CSF, ISO 27001, general best practice

ISO 27001 Staff Awareness E-Learning Programme

Transforms the abstract requirements of ISO 27001 into practical behaviours every staff member can understand and apply — covering information security policies, acceptable use, asset handling, incident reporting, and social engineering awareness.

  • Module 1: Why Information Security Matters — threats, regulations, and organisational risk
  • Module 2: Your Responsibilities — acceptable use, password security, clean desk policy
  • Module 3: Data Classification and Handling — what is sensitive, how to protect it
  • Module 4: Phishing and Social Engineering — recognition and reporting procedures
  • Module 5: Incident Reporting — what counts as a security incident and how to report it
  • Module 6: Working Securely — remote work, BYOD, physical security
  • Knowledge check: 20 questions with answer rationale | Completion certificate template

Single Programme

One framework

₹14,999 / $179

Awareness Bundle

Any 3 Programmes

₹17,999 / $219

Complete Library

All 7 programmes

₹79,999 / $979

Books & Cyber Security Playbooks

Books, Playbooks & Incident Response Templates

Published Books

Digital Dragons and Defenders: A Mythic Approach to Cybersecurity

Written by Seven Step Consulting founder Ajai Kumar Srivastava and Sandeep Vashist, Digital Dragons and Defenders is a practitioner's guide to cybersecurity and GRC for business leaders, CISOs, and compliance professionals navigating the modern threat landscape. Available from our shop and from major online retailers.

Mind Your S.T.E.P.S™ – From Compliance to Trust

Written by Ajai Srivastava and Sandeep Vashist, Mind Your S.T.E.P.S™ introduces the S.T.E.P.S™ Governance Trust Cycle, a leadership-driven model that transforms governance from static obligation into living capability. Available via Notion Press and major online retailers.

Soon to be available: The Seven Steps to Infosec Nirvana

The foundational book behind the Seven Step consulting methodology, updated with 2024–2025 case studies and statistics.

Essential Cybersecurity Incident Response Playbooks

Incident response playbooks give your team a step-by-step procedure to follow when a security incident occurs — eliminating the chaos of improvised response and ensuring regulatory notification timelines are met.

Playbook | What It Covers | Frameworks Aligned
Ransomware Incident Response | Detection, containment, evidence preservation, eradication, recovery, and ransom decision framework | NIST SP 800-61 (incident handling), ISO 27001 A.5.26, DORA
Phishing Attack Response | Identification, user isolation, mailbox analysis, credential reset, threat hunting, and user notification | ISO 27001, NIST CSF, PCI DSS
Data Breach Response | Breach identification, severity classification, 72-hour GDPR notification, DPDP Act reporting, affected party notification | GDPR Art. 33/34, DPDP Act, HIPAA
Insider Threat Management | Behavioural indicator identification, investigation protocol, HR coordination, evidence chain of custody, termination procedure | ISO 27001 A.6, NIST SP 800-53
DDoS Attack Response | Traffic analysis, ISP coordination, WAF and CDN activation, business continuity invocation, post-incident review | ISO 22301, NIST CSF, DORA

Single Playbook: ₹14,999 / $179

Complete Playbook Library (all 5 playbooks): ₹34,999 / $429

Complete Library (Cyber + Privacy + ISO): ₹79,999 / $979

Essential Privacy & Data Protection Playbooks

Playbook | What It Covers
Data Protection Foundations Playbook | Privacy governance setup, DPO appointment, policy hierarchy, and data protection principles implementation
Data Mapping & ROPA Playbook | Step-by-step data mapping exercise, ROPA population, and ongoing maintenance procedure
Data Subject Rights (DSR) Playbook | End-to-end DSR handling (access, erasure, rectification, portability, objection) with response templates and timelines
Privacy Risk & DPIA Playbook | When to conduct a DPIA, screening criteria, DPIA methodology, risk mitigation, and DPA consultation procedure
Incident Response & Breach Management Playbook | Breach identification, severity rating, 72-hour GDPR supervisory authority notification, DPDP Act reporting, and affected party communication

Essential ISO Management System Playbooks

  • ISO 27001 ISMS Implementation Playbook — 90-day structured project plan
  • ISO 22301 BCMS Deployment Playbook — from BIA to certification-ready
  • ISO 9001 QMS Implementation Playbook — process mapping to first audit
  • ISO 27701 PIMS Extension Playbook — layering privacy onto your ISMS
  • ISO 42001 AIMS Governance Playbook — responsible AI deployment programme
Professional Services (As a Service)

Compliance Professional Services — Delivered by Seven Step Consulting Practitioners

Not every compliance need can be solved with a template. For organisations that need ongoing expert oversight, specialist advisory, or hands-on audit preparation, Seven Step Consulting offers retainer-based professional services delivered by the same practitioners who built the toolkits.

Service | Ideal For | Engagement Model
GDPR Data Protection Officer (DPO) as a Service | Organisations required to appoint a DPO under GDPR Article 37, without hiring a full-time specialist | Monthly retainer, 20–40 hrs/month
DPDP Act DPO / Privacy Officer as a Service | Indian organisations managing personal data under the DPDP Act 2023 and needing ongoing compliance oversight | Monthly retainer, 15–30 hrs/month
Global Privacy-as-a-Service | Multi-jurisdiction privacy compliance management: GDPR, DPDP, CCPA, PDPA, and POPIA | Monthly retainer, scope-based
Virtual CISO (vCISO) as a Service | SMEs and growth-stage companies needing CISO-level security governance without the full-time cost | Monthly retainer, 20–40 hrs/month
Vendor Due Diligence as a Service | Organisations needing a repeatable, expert-led third-party risk assessment programme | Per-vendor or programme retainer
Audit Preparation Engagement | Organisations preparing for an external certification, attestation, or compliance audit against ISO 27001, SOC 2, HIPAA, or GDPR | Fixed-scope engagement

GDPR Data Protection Officer (DPO) as a Service

Under GDPR Article 37, certain controllers and processors are legally required to designate a qualified Data Protection Officer. Hiring a full-time DPO is expensive and often disproportionate for mid-market organisations. Our outsourced DPO service provides a named, qualified DPO to carry out the statutory DPO tasks under GDPR and UK GDPR; accountability for compliance itself remains with the controller or processor.

What the Service Includes

  • Named, qualified DPO registered with your supervisory authority as required
  • Article 39 tasks — advice, monitoring, training, and supervisory authority liaison
  • Monthly DPA compliance review and DPO report to management
  • DSAR handling support and escalation point
  • Incident response support — 72-hour breach notification assistance
  • Annual GDPR audit and compliance programme review
  • Response to supervisory authority enquiries and investigations

Virtual CISO (vCISO) as a Service

A virtual CISO provides CISO-level security leadership to organisations that need strategic oversight, board reporting, and programme governance — without the cost and commitment of a full-time hire. Ideal for Series A–C SaaS companies, regulated businesses, and organisations preparing for ISO 27001 or SOC 2 certification.

What the Service Includes

  • Monthly security programme review and CISO report to board or leadership team
  • Information security strategy and roadmap development
  • Risk register ownership and risk treatment oversight
  • Vendor security programme oversight and escalation
  • Incident response leadership — on-call availability during critical incidents
  • Certification and attestation programme oversight — ISO 27001, SOC 2, or HIPAA
  • Board-level security reporting and executive communication
Risk & Audit Diagnostics

Risk & Audit Diagnostics — Find Your Blind Spots Before the Auditor Does

Compliance is not a one-time project — it is a continuous cycle of risk identification, control validation, and improvement. These diagnostic tools give compliance teams, internal auditors, and risk managers the instruments to run that cycle efficiently.

Diagnostic Tool | What It Does | Best For
Information Security Risk Register | Structured Excel risk register with asset-threat-vulnerability-impact-likelihood scoring, risk heat map, and treatment tracking | ISO 27001 risk management, SOC 2 CC3
Internal Audit Checklist Suite | Clause-by-clause audit checklist for ISO 27001, ISO 22301, ISO 9001, and ISO 27701, with findings grading and CAPA tracking | Internal audit teams, lead auditors
Vendor Risk Scorecard | Quantitative vendor risk scoring across security, privacy, financial, and operational dimensions, with risk tiering and an ongoing monitoring tracker | ISO 27001 A.5.19, SOC 2 CC9, GDPR Art. 28
Compliance KPI & KRI Dashboard | Executive-ready compliance performance dashboard in Excel; tracks control effectiveness, audit findings, risk ratings, and regulatory deadlines | CISOs, compliance heads, board reporting
Penetration Testing Scope & Requirements | Structured scope definition, rules of engagement, and findings tracker for annual or event-driven penetration testing programmes | ISO 27001 A.8.8, PCI DSS Req. 11, SOC 2
Nonconformity & Corrective Action Register | ISO-aligned CAPA tracker with root cause analysis, corrective action planning, verification, and trend analysis | ISO 27001, ISO 9001, ISO 22301
Executive & Board Resources

Executive & Board Resources — Turn Cyber Risk into Business Decisions

Most compliance programmes fail not because of weak controls — but because leadership lacks clarity. Technical reports do not resonate in boardrooms. Metrics do not translate into business risk. Decisions get delayed.

These executive resources give CISOs, CROs, and compliance leaders the communication tools to translate complex security posture into business language that boards act on.

Resource Type | What's Included | Who Uses It
Board-Level Security Presentation Decks | Pre-built board packs covering security posture, risk summary, compliance status, and key decisions required, in business language | CISOs presenting to boards and audit committees
Governance Handbooks | Roles and responsibilities, decision-making frameworks, policy hierarchy, and alignment to ISO, NIST, and global standards | CISOs, CROs, Legal and Compliance heads
ISO-Aligned Management Review Templates | Agenda, performance metrics, audit findings summary, objectives review, and improvement planning, aligned to ISO 27001 Clause 9.3 | Compliance managers running management reviews
Executive Risk Dashboards | Risk visualisation in Excel: business impact mapping, trend analysis, KRI tracking, and board-ready formatting | CROs, risk committees, CFOs evaluating cyber risk
Compliance ROI Calculator | Financial model quantifying the cost of compliance against the cost of non-compliance (fines, breaches, lost contracts), for budget justification | CISOs seeking security budget approval
Wisdom Code Leadership Book Series | Curated publications on AI governance, cyber risk, compliance leadership, and GRC strategy, for executive and board development | Board members, CXOs, senior compliance leaders

Starter: ₹14,999 / $179

Professional (Most Popular): ₹44,999 / $549

Enterprise: ₹1,49,999 / $1,849

Partner, Vendor & Franchise Tools

Partner, Vendor & Franchise Tools — Extend Trust Across Your Entire Ecosystem

Data breaches, compliance failures, and operational disruptions increasingly originate from third parties, vendors, and supply chain partners. Your compliance posture is only as strong as your weakest vendor. These tools give you a scalable, repeatable process for managing risk beyond your perimeter.


Tool | What It Does | Aligned Frameworks
Vendor Security Assessment Questionnaire | Tiered questionnaire (critical / high / standard risk) for onboarding vendor security due diligence | ISO 27001 A.5.19, SOC 2 CC9, GDPR Art. 28
TPRM Lifecycle Templates | End-to-end third-party risk management: onboarding, classification, monitoring, and offboarding workflows | ISO 27001, SOC 2, NIST SP 800-161
Supplier Risk Scorecard | Quantitative risk scoring model with heatmap, for ranking vendors by risk and prioritising oversight effort | ISO 27001, DORA, SOC 2
Franchise Compliance Kit | Standardised compliance documentation for franchise networks: audit checklists, policy templates, and oversight framework | ISO 27001, ISO 9001, multi-jurisdiction
White-Label Documentation Packs | Fully brandable policy templates and toolkits for GRC consultants and MSPs deploying in client engagements | All supported frameworks
Consultant Starter Kit | White-label proposal template, scope of work, ISO 27001 gap assessment, and client onboarding checklist, for independent GRC consultants | ISO 27001, SOC 2, GDPR

Starter: ₹19,999 / $249

Professional (Most Popular): ₹59,999 / $729

Enterprise: ₹1,99,999 / $2,449

Coming Soon - TCF Solutions Suite

The Assurance Engine: TCF Solutions Suite

From Manual Compliance to Continuous, AI-Powered GRC Automation

Spreadsheets, static templates, and periodic audits are no longer sufficient for organisations managing complex, multi-framework compliance programmes. The final step in the Seven Step journey is continuous, automated compliance assurance — where evidence is collected automatically, risks are monitored in real time, and audit readiness is a permanent state rather than a quarterly sprint.

TCF Solutions Suite is the GRC SaaS platform that operationalises everything your organisation has built through Steps 1–6 — and integrates with your existing technology stack to create a living, automated compliance programme.
TCF Module | What It Does | Frameworks Covered
CompliFY ISMS | Continuous compliance monitoring: real-time control status tracking, automated evidence collection, and multi-framework policy management | ISO 27001, SOC 2, GDPR, HIPAA, DPDP, ISO 42001, DORA
To be launched this year:
ContinuityPro AI | BCMS project management: structured implementation workspace, milestone tracking, document library, and audit preparation | ISO 27001, ISO 9001, ISO 22301, ISO 42001
Auditpro AI | AI-assisted audit management: automated audit scheduling, intelligent finding classification, CAPA tracking, and management review automation | All ISO management system standards
TPRMpro AI | AI-powered third-party risk management: vendor onboarding automation, continuous risk scoring, contract management, and supply chain monitoring | ISO 27001, SOC 2, DORA, GDPR Art. 28
Privacypro AI | Automated privacy programme management: ROPA automation, DSAR workflow management, DPIA tracking, and consent management | GDPR, DPDP Act, CCPA, UK GDPR

Everything you build today using Seven Step Shop resources is designed to integrate directly with TCF Solutions Suite. Your documentation is your foundation — TCF makes it live.


Join the TCF Solutions Suite Early Access Waitlist

  • Exclusive early previews and beta access
  • Influence the product roadmap — direct input sessions with the product team
  • Priority onboarding and early adopter pricing
  • First access to AI-assisted audit and evidence collection features
