There is an increasing number of resources available to assist organizations developing their cyber risk management programmes. These range from the well-known NIST series of standards from the US, to the lesser-known IT-Grundschutz guides from the German Federal Office for Information Security, and the Spanish Colección administración electronic tools such as MAGERIT (Methodology for Information Systems Risk Analysis and Management). Even the UN has data security standards developed for autonomous vehicles, which may provide baseline data security guidelines for those working within autonomous object developments.

The information, files and URLs provided here are only intended to guide viewers towards the various sources of information freely available when building the relevant policies, procedures and frameworks for enhancing cyber threat resilience. The list is not exhaustive, nor necessarily current.

Quantar’s goal is to enhance any organization’s capabilities in identifying, quantifying and managing cyber risks. To that end, it collaborates with commercial and academic entities in developing appropriate software, systems, policies, procedures and frameworks.

Where viewers are aware of other sources they believe would assist other organizations, we welcome contact at the address below so that we can update or add to the current list.


GDPR Master Document & Record Checklist

ISO27001 Master Document & Record Checklist


MAGERIT – version 3.0 Methodology for Information Systems Risk Analysis and Management: Book I – The Method

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management II – Catalogue of Elements

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management III – Techniques


Guide to Basic Protection based on IT-Grundschutz – 3 Steps to Information Security

BSI-Standard 200-2 IT-Grundschutz Methodology

BSI-Standard 200-3 IT-Grundschutz Risk Analysis

BSI-Standard 100-4 – Business Continuity Management

IT-Grundschutz Toolkit


Security Considerations in the System Development Life Cycle

NIST Security and Privacy Control Collaboration Index Template Word Doc

NIST Security and Privacy Control Collaboration Index Template XLS

NIST sp800-53r5-control-catalog XLS

NIST Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework) 800-181 R1

NIST SP800 List of Publications

FEDRAMP Documents & Templates

MIKE 2: Method for an Integrated Knowledge Environment


American Institute of Certified Public Accountants (AICPA)

Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report

The Open Group

Open FAIR Model – The Open Group Standard Risk Analysis (O-RA), Version 2.0.1


COSO Internal Control Framework – Introductory training

COSO Internal Control — Integrated Framework Diagram


Guidelines for auditing management systems

Information technology — Security techniques — Information security risk management (Draft)

Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301 (Preview)

ISO2700X Family of Patents


Requirements and Security Assessment Procedures

PCI DSS Quick Reference Guide – Understanding the Payment Card Industry Data Security Standard version 3.2.1

PCI DSS v3.2.1 Template for Report on Compliance


Software Assurance Maturity Model – Assessment Toolkit

Open-source Vulnerability Scanners:

Open-source IDS:

United Nations

E/ECE/TRANS/505/Rev.3/Add.154 – Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system