KapacyberKapacyber
Free Resources

Templates & checklists for owners and managers.

Free, vertical-specific tools you can actually use — drafted by the team that runs the security operations behind them. Drop your work email and they unlock immediately.

Interactive Tool · No Email Needed

WISP Readiness Check — score your cybersecurity in 5 minutes

Answer 10 plain-English questions and get an instant score, a risk tier, and a prioritised list of what to fix first — measured against the controls regulators, insurers, and auditors expect a WISP to cover. No sign-up, no download.

Take the free check
Auto Dealerships

FTC Safeguards Rule WISP Template — for Auto Dealerships

A written information security programme (WISP) template aligned to all nine FTC Safeguards Rule elements. Fill in the blanks, sign at the bottom, file it. Drafted for franchise dealerships and independent dealers.

  • Covers all 9 required FTC Safeguards elements
  • Plain-English template language you can adapt and adopt
  • Evidence checklist for each section — what to keep on file
  • Drafted for dealership realities — DMS, F&I, customer credit data
Get the template
Insurance Agencies

NAIC Model Law WISP Template — for Independent Insurance Agencies

A written information security programme (WISP) template aligned to the NAIC Insurance Data Security Model Law. Fill in the blanks, sign, file with your annual certification. Drafted for independent agencies, MGAs, and wholesale brokers.

  • Aligned to every NAIC Model Law control family
  • 72-hour Cybersecurity Event notification workflow built in
  • Evidence checklist for each section — what regulators and E&O carriers expect
  • Drafted for agency realities — AMS, carrier portals, commission flows, wholesalers
Get the template
Healthcare Practices

HIPAA Risk-Analysis Worksheet — for Medical & Dental Practices

The fillable risk-analysis worksheet OCR actually wants — ePHI inventory, threat-vulnerability mapping, likelihood and impact ratings, mitigation tracking, and a 9-step self-audit. Built for small and mid-size medical, dental, and specialty practices.

  • Built for §164.308(a)(1)(ii)(A) — OCR's most-cited deficiency
  • ePHI-location inventory pre-populated for typical practices
  • Threat → vulnerability → likelihood → impact → rating tables
  • 9-step OCR self-audit and Security Official sign-off block
Get the template
Tax Preparers & Accounting Firms

IRS Pub 4557 Security Six + FTC WISP Checklist — for Tax Preparers

The Security Six controls plus the nine FTC Safeguards WISP elements, in one fillable checklist. PTIN-renewal-ready attestation language, IRS Stakeholder Liaison contacts, and evidence checklists for every control. Drafted for solo preparers through 50-staff firms.

  • Covers IRS Pub 4557 Security Six AND all 9 FTC Safeguards WISP elements
  • PTIN-renewal attestation language ready to use
  • Tax-season risk register and incident-response contact table
  • Evidence checklist for every control — what to keep on file
Get the template
Veterinary Practices

Veterinary Practice Cyber-Readiness Checklist — PIMS & Insurer-Ready

A PIMS-ransomware-resistant baseline, the verification procedure that stops fake-distributor-invoice fraud, and a cyber-insurance questionnaire prep sheet in one fillable checklist. Built for practices without an IT department.

  • 8-control PIMS-ransomware-resistant baseline (Cornerstone, AVImark, ezyVet, ImproMed)
  • Distributor-invoice-fraud verification procedure and log
  • Cyber-insurer questionnaire prep across 6 control areas
  • Practice-owner sign-off and tabletop review log
Get the template
Emergency Response

Cyber Incident Response Card (Single-Page Emergency Reference)

A printable single-page emergency card — first steps, what NOT to do, key-contact slots to fill in, triage questions, and notification-window reminders. Designed for the first hour of an incident, when reading anything longer isn't happening.

  • First 5 things to do (isolate, document, alert, call carrier)
  • First 5 things NOT to do (don't pay, don't reboot, don't go off-panel)
  • 10 pre-filled contact slots — carrier, IR firm, breach counsel, backup vendor, MSSP, etc.
  • Notification windows reference (HIPAA, NAIC, SEC, GDPR, state laws)
Get the template
CMMC · DoD Subcontractors

CMMC Self-Assessment Worksheet (Level 1 + Level 2)

Fillable worksheet covering all 15 Level 1 practices with evidence prompts plus a Level 2 family-by-family SPRS scoring template. Print and complete, or import into your document management system.

  • All 15 FAR 52.204-21 Level 1 practices with FAR citations
  • Evidence prompts and notes fields for each practice
  • Level 2 family-by-family SPRS scoring template (110 controls)
  • Senior-official attestation block and legal-disclaimer footer
Get the template
Real Estate & Title

Real-Estate Closing Wire-Fraud Verification Procedure

The five-stage wire-fraud kill-chain controls, a printable buyer-side verification script, the brokerage / title-agency control stack, and ALTA Best Practices Pillar 3 attestation prompts for title agencies — in one adopted procedure.

  • Controls mapped to every stage of the 5-stage wire-fraud kill chain
  • Printable buyer-side verification script with red flags and IC3 reporting
  • 9-control brokerage and title-agency stack
  • ALTA Best Practices Pillar 3 attestation prompts for title agencies
Get the template

More templates and checklists in development — accounting, healthcare, insurance, veterinary, and real estate.

Want help operating the controls behind these templates?

Free 30-minute assessment — we map your environment to the gaps and hand you a one-page roadmap. No sales pressure.

Get Free Assessment