RiskWatch

RiskWatch Content Library

Compliance answers, ready to download

Every checklist, sample report, and calculator the RiskWatch team has shipped, mapped to a real audit objective and updated for 2026. Pick a framework, grab the PDF, walk into your next audit prepared.

20+ Free Resources
16 Framework Checklists
40+ Frameworks Covered
Updated for 2026

Trusted by 1,500+ risk and compliance teams

Aon
Bose
The Coca-Cola Company
Iberdrola USA
Johnson & Johnson
Pfizer
Puma North America
SeaWorld Entertainment
TE Connectivity
Why this library exists

Built from the same control library our customers ship audits with

RiskWatch maintains a continuous-compliance content library across 40+ regulatory frameworks. Every checklist, sample report, and worksheet you see here is sourced from the same authoritative library the platform uses to drive assessments at Stryker, TIAA, FirstEnergy, and over 250 other enterprises. No fluff, no generic templates. Each download maps to a specific control set, references the live regulation citation, and is reviewed each quarter against the source standard.

  • Authoritative

    Every checklist cites the underlying clause: 45 CFR 164, NIST SP 800-66 Rev 2, ISO 27001:2022 Annex A, PCI DSS v4.0, you name it.

  • Audit-ready

    Built to the same schema RiskWatch generates for board reports and OCR, PCI QSA, or SOC 2 Type II evidence packages.

  • Quarterly refresh

    Our framework analysts rev each asset when the source standard moves. Watermarked with the date so you know what you have.

Report · PDF · 35 pages

Sample Compliance + Risk Assessment Report

35-page anonymized RiskWatch assessment: executive summary, ASIS-aligned scoring, 26 findings, 25 prioritized recommendations. See what your board and auditor receive.

Physical Security · ASIS · Board-ready
Get the sample report
Calculator · Interactive · ~3 min

Compliance Software ROI Calculator

Estimate the hours and dollars RiskWatch saves against spreadsheet-driven assessments. Plug in headcount, frameworks, and audit cycles to get a defensible number for finance.

ROI · Business case · Finance
Run the calculator
Guide · Reference · 30+ answers

RiskWatch Platform FAQ

30+ answers covering pricing, implementation timelines, framework coverage, integrations, SOC 2 security posture, and customer support, all in one searchable page.

Buyer's guide · Pricing · Implementation
Read the FAQ
Guide · Reference · 40+ frameworks

Compliance Frameworks Hub

One map of every framework RiskWatch covers (ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, NIST 800-53, CMMC, CCPA), plus the cross-mapping between them.

Frameworks · Cross-mapping · Reference
Open the hub
Guide · Editorial

RiskWatch Blog

Practitioner-grade writing on continuous compliance, vendor risk, audit prep, and the changing regulatory landscape, by the team that built the platform.

Editorial · Industry insight
Read the blog
Checklist · PDF · 24 pages

HIPAA Security Rule Compliance Checklist

Every Administrative, Physical, and Technical Safeguard from 45 CFR 164 Subpart C, plus NIST SP 800-66 Rev 2 implementation prompts and a Business Associate cascade.

HIPAA · Healthcare · NIST 800-66
Get the checklist
Checklist · PDF · ISO 27001:2022

ISO 27001:2022 Compliance Assessment Checklist

All 93 Annex A controls from ISO 27001:2022, mapped to clauses 4 to 10 of the ISMS, with evidence prompts and a Statement of Applicability worksheet.

ISO 27001 · ISMS · Annex A
Get the checklist
Checklist · PDF · TSC mapped

SOC 2 Compliance Assessment Checklist

AICPA Trust Services Criteria coverage for Security, Availability, Confidentiality, Processing Integrity, and Privacy, with a Type II readiness scoring sheet.

SOC 2 · AICPA · Type II
Get the checklist
Checklist · PDF · PCI DSS v4.0

PCI DSS v4.0 Compliance Assessment Checklist

All 12 PCI DSS v4.0 requirements with sub-requirement prompts, customized approach worksheet, and SAQ-A through SAQ-D scoping notes.

PCI DSS · Card data · QSA
Get the checklist
Checklist · PDF · 11 chapters

GDPR Compliance Assessment Checklist

Article-by-article coverage of GDPR Chapters I to XI, with a record-of-processing template, lawful-basis worksheet, and DPIA trigger matrix.

GDPR · Data protection · EU
Get the checklist
Checklist · PDF · 110 controls

NIST 800-171 Compliance Assessment Checklist

All 110 security requirements across the 14 control families, mapped to CMMC Level 2 with a System Security Plan starter and POA&M template.

NIST 800-171 · CMMC · Defense
Get the checklist
Checklist · PDF · SOX 302/404

SOX Compliance Assessment Checklist

Sarbanes-Oxley Section 302 and 404 controls, ITGC walkthroughs, ICFR scoping notes, and a deficiency classification worksheet for management's quarterly assertion.

SOX · ITGC · ICFR
Get the checklist
Checklist · PDF · CCPA + CPRA

CCPA / CPRA Compliance Assessment Checklist

California Consumer Privacy Act and CPRA amendments: consumer-rights workflow, opt-out signal handling, and a sensitive personal information disclosure template.

CCPA · Privacy · California
Get the checklist
Checklist · PDF · NIST 800-53

FISMA Compliance Assessment Checklist

FISMA control baseline aligned to NIST SP 800-53 Rev 5, ATO-ready evidence prompts, system categorization worksheet, and continuous-monitoring schedule.

FISMA · Federal · NIST 800-53
Get the checklist
Checklist · PDF · SIG-Lite aligned

Vendor Risk Assessment Checklist

Third-party due diligence questionnaire, criticality scoring matrix, SIG-Lite aligned control set, and an annual reassessment cadence template.

Vendor risk · TPRM · Due diligence
Get the checklist
Checklist · PDF · TCPA + FCC

TCPA Compliance Assessment Checklist

Telephone Consumer Protection Act controls for outbound calling and SMS: prior-express-consent records, DNC scrubbing cadence, and revocation handling.

TCPA · Consumer protection · Call centers
Get the checklist
Checklist · PDF · GMP/GLP/GCP

GxP Compliance Assessment Checklist

Good Practice quality guidelines for life sciences (GMP, GLP, GCP, GDP), with 21 CFR Part 11 electronic-records prompts and a CSV validation worksheet.

GxP · Pharma · 21 CFR Part 11
Get the checklist
Checklist · PDF · NIST CSF 2.0

Cyber Security Assessment Checklist

Aligned to NIST Cybersecurity Framework 2.0 (Govern, Identify, Protect, Detect, Respond, Recover), with a tabletop scenario library and incident-response playbook.

Cybersecurity · NIST CSF · Incident response
Get the checklist
Checklist · PDF · ASIS-aligned

Physical Security Assessment Checklist

Aligned to ASIS Facility Physical Security Control Standards: perimeter, access, surveillance, environmental, and personnel safety, scored by criticality.

Physical Security · ASIS · Facilities
Get the checklist
Checklist · PDF · OSHA-aligned

Workplace Violence Prevention Checklist

OSHA-aligned violence prevention controls, threat-assessment team charter, incident-reporting workflow, and a high-risk-industry escalation matrix.

Workplace violence · OSHA · HR
Get the checklist
Checklist · PDF · BCP-aligned

Pandemic Preparedness Checklist

Business-continuity-grade pandemic and infectious-disease controls, originally built for COVID-19 and updated annually: sanitation, distancing, remote-work readiness.

Pandemic · Business continuity · Health
Get the checklist
Checklist · PDF · Buyer's guide

Free Risk Management Software Buyer's Guide

How to scope, shortlist, and evaluate risk management platforms without getting trapped in feature theatre. Includes a 40-question RFP starter and a TCO worksheet.

Buyer's guide · RFP · Procurement
Get the guide

Ready for the full platform

Run the same assessments live, with audit history attached

Free downloads are a great start. RiskWatch automates the rest: evidence collection, control cross-mapping across frameworks, scheduled reassessments, and board-ready reports.

Or call US: +1 941-500-4525

Request a Demo