Compliance Essentials
Multi-domain compliance coverage: data privacy, incident response, BCP/DR, and SOC 2 — 43% off.
Price
$169
Individually $296 — save 43%
Delivered immediately after checkout — your template and guide links are emailed to you with your receipt.
Used by compliance teams at banks, fintechs, and asset managers
◆ Quick buying summary
What you get and when you can use it
- Good fit if
- You're preparing for a SOC 2 Type 1 or Type 2 audit and need to close gaps across incident response and BCP
- Format
- Editable workbook plus PDF/supporting guide materials where included. Instant download after checkout.
- Time to value
- Start reviewing, editing, and assigning owners the same day; customize to your organization before sharing outputs externally.
- After purchase
- After checkout, your templates and guides are available immediately and the download link is sent to your email with your Stripe receipt. No account required.
◆ What's included
- ◆ Data Privacy Compliance Kit
- ◆ Incident Response & Breach Notification Kit
- ◆ Business Continuity & Disaster Recovery (BCP/DR) Kit
- ◆ SOC 2 Compliance Checklist
Use rights: customize for internal business use and use outputs with your auditors, customers, bank partners, and regulators. Do not resell or redistribute the template files.
◆ What's in the bundle
Products in this bundle.
Template
Data Privacy Compliance Kit
Multi-state privacy compliance templates covering 19 state laws plus GLBA and CCPA.
View →
Template
Incident Response & Breach Notification Kit
Step-by-step incident response playbooks and breach notification templates for all 50 states.
View →
Template
Business Continuity & Disaster Recovery (BCP/DR) Kit
BCP and DR templates with BIA, recovery procedures, and a standalone tabletop exercise kit.
View →
Template
SOC 2 Compliance Checklist
151 controls mapped to AICPA Trust Services Criteria with evidence collection guidance.
View →
◆ FAQ
Frequently asked questions.
Why do these 4 domains get bundled together?
Data privacy, incident response, BCP/DR, and SOC 2 are interconnected in practice. Your incident response plan should reference your data privacy notification procedures. Your BCP should document the recovery requirements for systems in scope for SOC 2. Your SOC 2 audit will review your incident response and BCP as part of the Availability and Privacy Trust Service Criteria. Having consistent, professionally documented programs across all 4 avoids gaps that show up during audits.
Do these templates cross-reference each other?
Yes, intentionally. The incident response plan includes a section on breach notification that references the Data Privacy Kit's state notification matrix. The BCP template references SOC 2 Availability controls as recovery requirements. The SOC 2 checklist maps to incident response and BCP procedures as evidence for Availability criteria. They're designed to read as one coherent compliance program.
Is this bundle appropriate for a fintech preparing for its first SOC 2 audit?
Yes — and for most first-time SOC 2 engagements, having strong data privacy, incident response, and BCP documentation materially reduces audit gaps, particularly for the Availability and Privacy Trust Service Criteria. Auditors will ask to see your incident response plan and BCP as part of SOC 2 fieldwork.
Does this bundle cover all 50 states for breach notification?
Yes. The Incident Response & Breach Notification Kit includes the complete all-50-states-plus-DC notification requirements matrix, covering deadlines, thresholds, and notification authorities for every US jurisdiction.
What if I only need 2 or 3 of these 4 products?
The bundle saves you 43% vs. buying all 4 individually ($296 vs. $169). If you only need 2 products, buying individually is more economical. If you need 3 out of 4, the bundle likely still makes sense given the 43% savings — and the 4th product will probably become useful when a bank partner or auditor asks about it.
Can I share completed outputs externally?
Yes. You can use completed outputs with auditors, customers, bank partners, regulators, and internal stakeholders. Customize the template for internal business use — just don't resell or redistribute the source template files.
How do I receive the files?
Checkout is handled through Stripe. After purchase, you receive the template and guide download link immediately on the confirmation page and by email, along with your Stripe receipt. No account is required.
What if it's not a fit?
Email within 30 days for a full refund, no questions asked. The guarantee is meant to remove purchase risk while you evaluate whether the template fits your use case.
● First-time buyer offer
Get 20% off your first template.
Drop your email and we'll send the code.
◆ Not ready to buy?
Start with the free Risk Register.
141 pre-populated fintech risks across 21 categories. ISO 31000 structure.
Download free Risk Register →◆ Ready when you are
Get the Compliance Essentials.
Start building a defensible risk program today.