Policy Packs

Policy Packs: The compliance toolkit designed for MSPs

Audit-ready, foolproof, and industry-tailored — check, check, and check. Meet our Policy Packs. These collections of documents outline the policies and procedures your clients need to guide actions and decisions. Covering key topics such as ethics, security, compliance, and privacy, the Policy Packs leverage documentation as code, guaranteeing documents are up-to-date, version-controlled, and easily editable. With controls built into the setup, you can rest assured every required step is actually performed. Whether your clients operate in healthcare, defense, CMMC, finance, or another industry, the packs can be tailored to meet their needs. As a final touch, each pack features pointed “how to’s” because you deserve to feel the impact of our two decades of expertise.

Become a Compliance Scorecard Plus member and start taking advantage of our Policy Packs.

The HIPAA Pack

The HIPAA Pack equips you with all the essential policies and standard operating procedures (SOPs) you need to comply with the Health Insurance Portability and Accountability Act (HIPAA). This comprehensive toolkit helps you safeguard protected health information (PHI) by outlining clear guidelines for handling patient data securely, protecting privacy rights, and more.

What's included
  • 10 Starter Policy Documents
  • Upgrades based on framework changes
  • Deployment to your Policy Scorecard* library repository

Documents in this pack

With the HIPAA Policy Pack, you get:

  • Privacy Policy: Outlines how PHI is collected, used, disclosed, and safeguarded.
  • Security Policy: Specifies the safeguards in place to protect PHI from unauthorized access, use, or disclosure.
  • Risk Analysis and Management Policy: Describes how risks to PHI are identified and managed.
  • Breach Notification Policy: Specifies how breaches of PHI are reported and managed.
  • Contingency Planning Policy: Outlines how PHI is backed up, how PHI is accessed in emergency situations, and how systems are restored after an outage.
  • Employee Training and Awareness Policy: Outlines the training and awareness program for employees on HIPAA rules and regulations.
  • Business Associate Agreement Policy: Outlines the requirements and responsibilities for third-party vendors and contractors who handle PHI.
  • Access Controls Policy: Describes the controls in place to limit access to PHI to authorized individuals.
  • Incident Response Policy: Outlines how incidents involving PHI are detected, assessed, and managed.
  • Audit Controls Policy: Describes the auditing process to ensure compliance with HIPAA regulations.

FTC Safeguard Pack

The FTC Policy Pack provides a clear roadmap for your employees and contractors. This collection of documents outlines the specific behaviors and decisions necessary to comply with Federal Trade Commission (FTC) rules and regulations.

What's included
  • 10 Starter Policy Documents
  • Upgrades based on framework changes
  • Deployment to your Policy Scorecard* library repository

Documents in this pack

Written Information Security Policy (WISP) considering the following:

  • Access Control Policy and Procedures: Specifies controls for limiting access to systems and data.
  • Authentication and Authorization Policy and Procedures: Outlines how users are identified and authorized to access resources.
  • Change Management Policy and Procedures: Specifies how changes to systems and data are managed and controlled.
  • System Monitoring and Auditing Policy and Procedures: Describes how system activity is monitored and audited.
  • Privacy and Confidentiality Policy: Outlines how personal information is protected and used.
  • Security Risk Assessments Policy and Procedures: Describes how risks to personal information are identified and managed.
  • Acceptable Use Policy: Outlines acceptable use of company systems and data by employees.
  • Security Awareness Training Policy: Describes the requirements for employee security training and awareness.
  • Data Governance Policy and Procedures: Outlines how data is collected, stored, processed, and used.
  • Incident Response Plan: Outlines the steps to be taken in the event of a security incident or breach.

NIST CSF PACK

The NIST CSF Pack (National Institute of Standards and Technology Cybersecurity Framework) features a collection of policies, procedures, and guidelines that can be used to implement and maintain a compliance program.

What's included
  • 22 Starter Policy Documents
  • Upgrades based on framework changes
  • Deployment to your Policy Scorecard* library repository

Documents in this pack

With the NIST CSF Pack, you get:

  • Access Control Policy and Procedures: Specifies controls for limiting access to systems and data.
  • Acceptable Use Policy: Outlines acceptable use of company systems and data by employees.
  • Audit Controls Policy: Describes the auditing process to ensure compliance with HIPAA regulations.
  • Authentication and Authorization Policy and Procedures: Outlines how users are identified and authorized to access resources.
  • Change Management Policy and Procedures: Specifies how changes to systems and data are managed and controlled.
  • Contingency Planning Policy: Outlines how PHI is backed up, how PHI is accessed in emergency situations, and how systems are restored after an outage.
  • Identification and Authentication Policy: Defines rules and procedures for verifying and granting access to information systems and resources.
  • Incident Response Plan: Outlines the steps to be taken in the event of a security incident or breach.
  • System Monitoring and Auditing Policy and Procedures: Describes how system activity is monitored and audited.
  • Privacy and Confidentiality Policy: Outlines how personal information is protected and used.
  • Security Risk Assessments Policy and Procedures: Describes how risks to personal information are identified and managed.
  • Security Awareness Training Policy: Describes the requirements for employee security training and awareness.
  • Data Governance Policy and Procedures: Outlines how data is collected, stored, processed, and used.
  • Maintenance Policy: Specifies how systems and equipment are maintained.
  • Media Protection Policy: Outlines how media containing sensitive information is protected.
  • Personnel Security Policy: Outlines the requirements and processes for personnel background checks and clearances.
  • Physical and Environmental Protection Policy: Describes the controls in place to protect physical assets and the environment.
  • Risk Assessment Policy: Describes the process for identifying and assessing risks to systems and data.
  • Risk Management Policy: Outlines how risks to systems and data are managed and controlled.
  • Security Awareness and Training Policy: Describes the requirements for employee security training and awareness.
  • System and Communications Protection Policy: Specifies the controls in place to protect systems and communications.
  • System and Information Integrity Policy: Outlines the requirements for protecting the integrity and availability of information and systems.

CMMC PACK

Our CMMC Pack helps defense contractors meet the requirements of the Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171.

What's included
  • 20 Starter Policy Documents
  • Upgrades based on framework changes
  • Deployment to your Policy Scorecard* library repository

Documents in this pack

  • Asset Management Policy: Describes the policies and procedures for managing assets.
  • Password Policy: Outlines the requirements for creating and managing passwords.
  • Privacy Policy: Describes how personal information is collected, used, and disclosed.
  • Remote Access Policy: Outlines the requirements for accessing systems and data remotely.
  • User Account Creation: Outlines the process for creating and managing user accounts.
  • Work From Home Policy: Outlines the requirements and policies for working from home.
  • Access Control Policy: Describes the requirements and procedures for controlling access to systems and data.
  • Security Awareness and Training Policy: Outlines the requirements and procedures for employee security awareness and training.
  • Configuration Management Policy: Describes the policies and procedures for managing system configurations.
  • Maintenance Policy: Describes the policies and procedures for maintaining systems and equipment.
  • Physical Environmental Protection Policy: Outlines the requirements for protecting the physical environment.
  • Physical Protection Policy: Outlines the policies and procedures for protecting physical assets.
  • Risk Assessments Risk Management Policy: Describes the process for identifying and managing risks.
  • Security Assessment Policy: Outlines the requirements and procedures for security assessments.
  • System and Communications Protection Policy: Describes the controls in place to protect systems and communications.
  • System and Information Integrity Policy: Outlines the requirements for protecting the integrity and availability of information and systems.
  • Audit and Accountability Policy: Outlines the requirements for auditing and accountability.
  • Identification and Authentication Policy: Outlines the requirements for identifying and authenticating users.
  • Media Protection Policy: Outlines the policies and procedures for protecting media containing sensitive information.
  • Personnel Security Policy: Outlines the requirements and processes for personnel security.
  • Access Control SOP: Procedures for controlling access to systems and data.
  • Asset Management SOP: Procedures for managing assets.
  • Audit Logging SOP: Procedures for logging and monitoring system activities.
  • Configuration Management SOP: Procedures for managing system configurations.
  • Incident Response SOP: Procedures for responding to security incidents.
  • Information Protection SOP: Procedures for protecting sensitive information.
  • Malware Protection SOP: Procedures for protecting against malware.
  • Media Protection SOP: Procedures for protecting media containing sensitive information.
  • Password Management SOP: Procedures for managing passwords.
  • Physical Protection SOP: Procedures for protecting physical assets.
  • Risk Assessment SOP: Procedures for identifying and assessing risks.
  • Security Assessment SOP: Procedures for assessing security controls and processes.
  • Security Awareness and Training SOP: Procedures for security awareness and training.
  • System Maintenance SOP: Procedures for maintaining systems and equipment.
  • Third-Party Management SOP: Procedures for managing third-party risks.
  • Vulnerability Management SOP: Procedures for identifying and managing vulnerabilities.
  • Workforce Management SOP: Procedures for managing personnel security.