Showing 20 articles in CyberPolicyPilot

Getting Started with CyberPolicyPilot

A comprehensive guide to get started with CyberPolicyPilot - your AI-powered cybersecurity compliance platform.

Welcome to CyberPolicyPilot

CyberPolicyPilot is an AI-powered cybersecurity compliance platform that automates policy generation, compliance assessment, and regulatory reporting. Whether you're a startup preparing for SOC 2 or an enterprise managing multi-framework compliance, CyberPolicyPilot simplifies the entire process.

Key Features

  • AI Policy Generation: Generate 9 types of production-ready cybersecurity policies using AI
  • 18+ Compliance Frameworks: Assess controls against ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, PCI DSS, and more
  • Gap Analysis: Identify compliance gaps with visual matrices and AI-powered remediation recommendations
  • Executive Reporting: Auto-generate audit-ready reports with PDF/DOCX export
  • Team Collaboration: Role-based access with Owner, Contributor, and Viewer roles
  • Cloud Integrations: Connect AWS, Azure, GCP, Okta, and GitHub for automated evidence collection
  • Risk Register: Track and manage organizational risks with severity ratings

Getting Started Steps

  1. Sign up at CyberPolicyPilot and create your organization
  2. Select your target compliance frameworks
  3. Generate your first AI-powered policy
  4. Begin assessing controls against your chosen frameworks
  5. Invite team members and assign roles

Tip: Start with a single framework (like ISO 27001 or SOC 2) and expand to additional frameworks once you're comfortable with the platform.

How Do I Create My First Compliance Policy?

Step-by-step guide to generating your first AI-powered cybersecurity policy in CyberPolicyPilot.

Available Policy Types

CyberPolicyPilot can generate 9 types of cybersecurity policies:

  • Information Security Policy
  • Access Control Policy
  • Password Policy
  • Incident Response Policy
  • Data Protection Policy
  • Backup & Recovery Policy
  • Acceptable Use Policy
  • Vendor Security Policy
  • Risk Management Policy

Creating a Policy

  1. Navigate to Policies from the sidebar
  2. Click "Generate New Policy"
  3. Select the policy type you need
  4. Enter your organization details (industry, size, region)
  5. Select applicable regulatory frameworks
  6. Click "Generate with AI"
  7. Review the generated policy in the rich text editor
  8. Customize sections as needed and click "Save"

Tip: The AI generates policies tailored to your industry and regulatory requirements. The more details you provide about your organization, the more relevant the policy will be.

What Compliance Frameworks Are Supported?

Complete list of 18+ compliance frameworks supported by CyberPolicyPilot with 200+ security controls.

International Frameworks

  • ISO 27001: Information security management system standard
  • SOC 2: Service organization controls for trust principles
  • NIST CSF: Cybersecurity framework by NIST
  • GDPR: General Data Protection Regulation (EU)
  • HIPAA: Health Insurance Portability and Accountability Act
  • PCI DSS: Payment Card Industry Data Security Standard
  • NIS2: Network and Information Security Directive (EU)
  • CIS Controls v8: Center for Internet Security critical controls
  • Cyber Essentials Plus: UK government-backed certification
  • Essential Eight: Australian Cyber Security Centre strategies

Industrial/OT Frameworks

  • IEC 62443: Industrial automation and control systems security
  • NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection standards
  • NIST 800-82: Guide to ICS security

India-Specific Frameworks

  • DPDPA: Digital Personal Data Protection Act
  • CERT-In: Indian Computer Emergency Response Team directives
  • RBI: Reserve Bank of India cybersecurity framework
  • SEBI: Securities and Exchange Board of India guidelines
  • IRDAI: Insurance Regulatory and Development Authority of India guidelines

Tip: You can assess controls against multiple frameworks simultaneously. CyberPolicyPilot maps overlapping controls across frameworks to reduce duplicate work.

How Does AI Policy Generation Work?

Understand the AI technology behind CyberPolicyPilot's policy generation and how to get the best results.

AI-Powered Generation

CyberPolicyPilot uses Google Gemini AI (with OpenAI and self-hosted Ollama as fallback options) to generate comprehensive, production-ready cybersecurity policies.

How It Works

  1. Context Gathering: The AI analyzes your organization's industry, size, and regulatory requirements
  2. Framework Mapping: It maps applicable compliance controls to policy sections
  3. Content Generation: The AI writes comprehensive policy content with proper structure
  4. Customization: You review and edit using the built-in rich text editor

Tips for Best Results

  • Provide accurate organization details (industry, employee count, data types handled)
  • Select all applicable regulatory frameworks
  • Review and customize the generated content for your specific environment
  • Use version control to track changes over time

AI Generation Limits

  • Community (Free): 10 AI generations (lifetime)
  • Starter: 50 AI generations per month
  • Growth & Enterprise: Unlimited AI generations

Tip: All generated policies are encrypted at rest using AES-128 encryption and are only accessible by authorized users within your organization.

How Do I Assess Controls Against a Framework?

Learn how to evaluate your organization's security controls against compliance framework requirements.

Starting an Assessment

  1. Go to Compliance from the sidebar
  2. Select the framework you want to assess (e.g., ISO 27001)
  3. You'll see a list of all controls for that framework
  4. Click on a control to begin assessment

Maturity Levels

Rate each control on a 5-level maturity scale:

  • Level 1 - Initial: Ad hoc, no formal process
  • Level 2 - Developing: Some processes documented
  • Level 3 - Defined: Formal processes in place
  • Level 4 - Managed: Measured and monitored
  • Level 5 - Optimized: Continuous improvement

Adding Evidence

For each control, you can:

  • Upload evidence files (documents, screenshots, exports)
  • Add notes and observations
  • Link to related policies
  • Set the target maturity level

Assessment Campaigns

Create assessment campaigns to assign controls to team members with deadlines. Track progress from the campaign dashboard and use review workflows for approval.

Tip: Use assessment campaigns to distribute work across your team. Assign specific controls to subject matter experts for more accurate assessments.

Understanding the Compliance Dashboard

Navigate the compliance dashboard to view scores, trends, and overall compliance posture at a glance.

Dashboard Overview

The compliance dashboard provides a real-time view of your organization's compliance posture with interactive charts and metrics.

Key Metrics

  • Overall Compliance Score: Weighted percentage across all assessed frameworks
  • Framework Scores: Individual compliance percentage per framework
  • Control Status: Breakdown of controls by verification status
  • Risk Overview: Summary of open risks by severity
  • Trend Analysis: 12-month compliance score history

Verification Statuses

The unified verification view shows 9 statuses:

  • Verified: Control confirmed by both manual and automated assessment
  • Conflict: Manual and automated results disagree
  • Manual Only: Assessed manually, no automation connected
  • Auto Only: Automated scan result, not manually verified
  • In Progress: Assessment underway
  • Failing: Control does not meet requirements
  • Partial: Some sub-controls met, others pending
  • Not Started: Assessment not yet begun
  • N/A: Control not applicable to your organization

Tip: Use the compliance trend analysis to track improvement over time and demonstrate progress to auditors and stakeholders.

How Do I Use the Gap Analysis Feature?

Identify compliance gaps and get AI-powered remediation recommendations to close them efficiently.

Accessing Gap Analysis

  1. Navigate to Compliance > Gap Analysis
  2. Select the framework to analyze
  3. The visual gap matrix displays all controls below target maturity

Understanding the Gap Matrix

The gap matrix visualizes:

  • Current Maturity: Your assessed maturity level for each control
  • Target Maturity: The desired maturity level
  • Gap Size: Difference between current and target (color-coded by severity)
  • Risk Weight: Priority score based on control importance

AI Remediation Recommendations

For each identified gap, CyberPolicyPilot provides:

  • Specific action items to close the gap
  • Priority ranking by severity and risk weight
  • Estimated effort and resource requirements
  • Links to relevant policies and best practices

Compliance Roadmap

The gap analysis generates an actionable compliance roadmap that prioritizes remediation efforts based on risk and impact. Export this as a report for stakeholder review.

Tip: Focus on high-risk, high-gap controls first. The AI recommendations are ranked by severity to help you prioritize effectively.
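The gap matrix and ranking described above, written out as an added Python example (not the platform's own code). The 1-5 maturity scale is the one from the assessment article; the gap formula, severity colour thresholds, risk-weight range and the sample control ids and levels are constructed assumptions for illustration.

```python
"""Gap matrix and remediation ranking, as an added illustration.

Assumed model: each control carries the 1-5 maturity level from the
assessment, a target level, and a risk weight. The gap size, severity
band and priority formula are constructed here; they are not the
platform's actual formulas.
"""
from dataclasses import dataclass

MATURITY = {1: "Initial", 2: "Developing", 3: "Defined", 4: "Managed", 5: "Optimized"}


@dataclass
class ControlAssessment:
    control_id: str
    current: int      # assessed maturity level, 1-5
    target: int       # desired maturity level, 1-5
    risk_weight: int  # assumed importance score, 1-5


def gap_size(a: ControlAssessment) -> int:
    """Difference between target and current; zero when the target is met."""
    for level in (a.current, a.target):
        if level not in MATURITY:
            raise ValueError(f"maturity level must be 1-5, got {level}")
    return max(0, a.target - a.current)


def severity(gap: int) -> str:
    """Colour band for the matrix (constructed thresholds)."""
    if gap == 0:
        return "green"
    if gap == 1:
        return "yellow"
    if gap == 2:
        return "orange"
    return "red"


def priority(a: ControlAssessment) -> int:
    """Priority score: larger gaps on weightier controls rank first."""
    return gap_size(a) * a.risk_weight


def gap_matrix(assessments):
    """Rows for every control below target, ranked by priority, then gap."""
    rows = []
    for a in assessments:
        g = gap_size(a)
        if g == 0:
            continue  # at or above target: not a gap
        rows.append({
            "control": a.control_id,
            "current": f"L{a.current} {MATURITY[a.current]}",
            "target": f"L{a.target} {MATURITY[a.target]}",
            "gap": g,
            "severity": severity(g),
            "priority": priority(a),
        })
    rows.sort(key=lambda r: (-r["priority"], -r["gap"], r["control"]))
    return rows


# Constructed sample: ISO 27001-style control ids with made-up levels.
SAMPLE = [
    ControlAssessment("A.5.15", current=2, target=4, risk_weight=5),
    ControlAssessment("A.8.13", current=1, target=4, risk_weight=3),
    ControlAssessment("A.5.1", current=3, target=3, risk_weight=4),
    ControlAssessment("A.8.8", current=2, target=3, risk_weight=5),
]

if __name__ == "__main__":
    for row in gap_matrix(SAMPLE):
        print(row)
```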

How Do I Export Policies as PDF or DOCX?

Export your compliance policies and reports in professional PDF or DOCX format with white-label branding.

Exporting a Single Policy

  1. Open the policy you want to export
  2. Click the Export button in the top toolbar
  3. Choose format: PDF or DOCX
  4. Configure branding options (logo, colors, headers/footers)
  5. Click "Download"

Bulk Export

Export multiple policies at once:

  1. Go to Policies list view
  2. Select multiple policies using checkboxes
  3. Click "Bulk Export"
  4. Choose format and branding
  5. A ZIP file containing all policies will be downloaded

White-Label Branding

  • Upload your organization's logo
  • Set custom header and footer text
  • Choose brand colors for the cover page
  • Add custom disclaimers or confidentiality notices

Tip: Set up your branding once in Organization Settings. It will be applied automatically to all future exports.

How Do I Set Up Two-Factor Authentication (2FA)?

Secure your account with TOTP-based two-factor authentication and backup codes.

Enabling 2FA

  1. Go to Settings > Security
  2. Click "Enable Two-Factor Authentication"
  3. A QR code will be displayed
  4. Scan the QR code with an authenticator app (Google Authenticator, Authy, Microsoft Authenticator)
  5. Enter the 6-digit verification code from the app
  6. Click "Verify and Enable"

Backup Codes

After enabling 2FA, you'll receive backup codes:

  • Save these codes in a secure location (password manager, printed copy)
  • Each backup code can only be used once
  • Use a backup code if you lose access to your authenticator app
  • You can regenerate new backup codes from Security settings

Signing In with 2FA

After enabling 2FA, each sign-in will require your password plus the 6-digit code from your authenticator app. JWT tokens expire after 15 minutes for enhanced security.

Tip: For enterprise deployments, consider setting up SSO/SAML authentication which provides centralized security management. See the SSO setup article for details.
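What the authenticator app and the server are each computing in the 2FA flow above, as an added Python example that is not CyberPolicyPilot's code: RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) with a small drift window, plus single-use backup codes stored only as hashes. The demo secret is the RFC 6238 test key; the class and function names are assumptions for this illustration.

```python
"""TOTP verification with single-use backup codes (added example).

Standard-library RFC 6238 TOTP plus a backup-code store that keeps
only SHA-256 hashes and burns each code on first use. Names here are
assumptions for illustration, not the platform's implementation.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

STEP = 30   # seconds per code window
DIGITS = 6  # the 6-digit code the authenticator app shows


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """Code for the 30-second window containing Unix time `at` (default: now)."""
    key = base64.b32decode(secret_b32.upper(), casefold=True)
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def verify_totp(secret_b32: str, submitted: str, at: Optional[int] = None,
                window: int = 1) -> bool:
    """Accept the current window plus `window` neighbours on each side for clock drift."""
    now = int(time.time() if at is None else at)
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


class BackupCodes:
    """Stores hashes of backup codes; each code is accepted exactly once."""

    def __init__(self, count: int = 8):
        # Plaintext is shown to the user once at enrolment; only hashes persist.
        self.plaintext = [secrets.token_hex(4) for _ in range(count)]
        self._hashes = {hashlib.sha256(c.encode()).hexdigest() for c in self.plaintext}

    def redeem(self, code: str) -> bool:
        h = hashlib.sha256(code.strip().lower().encode()).hexdigest()
        if h in self._hashes:
            self._hashes.remove(h)  # burn it: a backup code works only once
            return True
        return False

    def remaining(self) -> int:
        return len(self._hashes)


# RFC 6238 test key "12345678901234567890" in base32; a constructed enrolment.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(DEMO_SECRET, at=59))  # RFC 6238 vector for t=59
    codes = BackupCodes()
    first = codes.plaintext[0]
    print(codes.redeem(first), codes.redeem(first), codes.remaining())
```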

How Do I Invite Team Members?

Add team members to your organization with appropriate roles for collaborative compliance management.

Inviting Members

  1. Go to Organization > Team
  2. Click "Invite Member"
  3. Enter the team member's email address
  4. Select their role (Owner, Contributor, or Viewer)
  5. Click "Send Invitation"
  6. The invited user will receive an email with a join link

Team Limits by Plan

  • Community (Free): Up to 3 users, 1 organization
  • Starter ($29/mo): Up to 10 users, 1 organization
  • Growth ($79/mo): Up to 50 users, 5 organizations
  • Enterprise: Unlimited users and organizations

Collaboration Features

  • Inline comments with @mentions on policies and assessments
  • Assessment campaigns with assignments and deadlines
  • Review workflows with approval chains
  • Real-time notifications via WebSocket
  • Comprehensive audit logging of all actions

Tip: Assign the Contributor role to team members who need to edit policies and assessments. Use the Viewer role for stakeholders who only need read access.

Understanding User Roles and Permissions

Learn about the role-based access control system and what each role can do within CyberPolicyPilot.

Available Roles

  • Owner: Full access to all features including billing, team management, organization settings, and deletion. Can manage SSO/SAML configuration and white-label branding.
  • Contributor: Can create and edit policies, perform assessments, manage risks, upload evidence, and export reports. Cannot manage billing or organization settings.
  • Viewer: Read-only access to policies, assessments, dashboards, and reports. Cannot make changes but can add comments.

Multi-Tenant Isolation

CyberPolicyPilot enforces strict data isolation between organizations. Users can belong to multiple organizations but data never crosses organizational boundaries. Each organization's data is protected by company_id-based access controls.

Audit Trail

Every action is logged with timestamp, user identity, and IP address. Owners can review the complete audit log from Organization > Audit Log for security monitoring and compliance evidence.

Tip: Regularly review the audit log to ensure proper access patterns and detect any unauthorized activity.
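The role matrix and company_id scoping described above, combined in one added Python example (a hypothetical model, not the platform's code): the role is resolved from the authenticated user's membership for the requested organization, never from a client-supplied field, and the tenant check runs even for a valid member so that a policy id from another organization is refused. Action names, tenant names and sample policies are constructed.

```python
from dataclasses import dataclass, field

ROLES = {"owner", "contributor", "viewer"}
# Capability matrix taken from the role descriptions above (assumed action names).
PERMISSIONS = {
    "owner": {"read", "comment", "edit", "export", "manage_billing", "manage_org"},
    "contributor": {"read", "comment", "edit", "export"},
    "viewer": {"read", "comment"},
}


class AccessDenied(Exception):
    pass


@dataclass
class User:
    user_id: str
    memberships: dict = field(default_factory=dict)  # company_id -> role


@dataclass
class Policy:
    policy_id: str
    company_id: str
    title: str


class PolicyStore:
    def __init__(self, policies):
        self._by_id = {p.policy_id: p for p in policies}

    def authorize(self, user: User, company_id: str, action: str) -> str:
        """Resolve the role from the authenticated membership, never from request input."""
        role = user.memberships.get(company_id)
        if role not in ROLES:
            raise AccessDenied(f"{user.user_id} is not a member of {company_id}")
        if action not in PERMISSIONS[role]:
            raise AccessDenied(f"role {role} may not {action}")
        return role

    def can(self, user: User, company_id: str, action: str) -> bool:
        try:
            self.authorize(user, company_id, action)
            return True
        except AccessDenied:
            return False

    def get_policy(self, user: User, company_id: str, policy_id: str) -> Policy:
        self.authorize(user, company_id, "read")
        p = self._by_id.get(policy_id)
        # Tenant check after the role check: a legitimate member of org A
        # must not read org B's policy by supplying its id.
        if p is None or p.company_id != company_id:
            raise AccessDenied("policy not found in this organization")
        return p

    def rename_policy(self, user: User, company_id: str, policy_id: str, title: str) -> Policy:
        self.authorize(user, company_id, "edit")
        p = self.get_policy(user, company_id, policy_id)
        p.title = title
        return p


# Constructed sample tenants, users and policies.
STORE = PolicyStore([
    Policy("pol-1", "acme", "Acme Access Control Policy"),
    Policy("pol-2", "globex", "Globex Password Policy"),
])
ALICE = User("alice", {"acme": "owner", "globex": "viewer"})
BOB = User("bob", {"globex": "contributor"})
```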

How Do I Connect Cloud Integrations?

Set up automated evidence collection by connecting your cloud platforms to CyberPolicyPilot.

Supported Integrations

  • AWS: Security Hub, IAM, CloudTrail, Config
  • Azure: Security Center, Active Directory, Policy
  • GCP: Security Command Center, IAM, Cloud Audit Logs
  • Okta: User management, authentication policies, MFA status
  • GitHub: Repository security, branch protection, secret scanning

Setting Up an Integration

  1. Go to Integrations from the sidebar
  2. Select the platform you want to connect
  3. Follow the platform-specific setup guide to generate credentials
  4. Enter the credentials (API keys, connection strings)
  5. Click "Test Connection" to verify
  6. Click "Save & Enable"

Integration Limits by Plan

  • Community (Free): 1 integration
  • Starter: 3 integrations
  • Growth & Enterprise: Unlimited integrations

Automated Scans

Once connected, CyberPolicyPilot automatically scans your cloud environments for security evidence. Scan results are mapped to compliance controls in the unified verification view.

Tip: All integration credentials are encrypted at rest using Fernet (AES) encryption. Credentials are never exposed in the UI after initial setup.

How Does the Endpoint Agent Work?

Deploy the lightweight Python endpoint agent to collect security evidence from on-premises devices.

What Is the Endpoint Agent?

The endpoint agent is a lightweight Python script that runs on your devices (servers, workstations) to collect security evidence such as:

  • OS security configuration
  • Installed software and patch status
  • Firewall and antivirus status
  • Encryption status of drives
  • User account and access configurations

Deploying the Agent

  1. Go to Integrations > Endpoint Agents
  2. Click "Register New Agent"
  3. Copy the agent registration token
  4. Download the agent script
  5. Run the agent on the target device with the token
  6. The agent will register and begin reporting evidence

Agent Limits by Plan

  • Community (Free): 1 agent
  • Starter: 10 agents
  • Growth & Enterprise: Unlimited agents

Tip: The agent runs with minimal privileges and only collects security configuration data. It does not access file contents or user data.

Understanding Subscription Plans

Compare CyberPolicyPilot pricing plans and find the right fit for your organization.

Plan Comparison

  • Community (Free):
    • 3 users, 1 organization
    • 10 policies, 10 AI generations (lifetime)
    • 1 integration, 1 endpoint agent
    • All 18+ compliance frameworks
  • Starter - $29/month (₹1,999/month):
    • 10 users, 1 organization
    • Unlimited policies, 50 AI generations/month
    • 3 integrations, 10 endpoint agents
    • PDF/DOCX export with branding
  • Growth - $79/month (₹4,999/month):
    • 50 users, 5 organizations
    • Unlimited policies and AI generations
    • Unlimited integrations and agents
    • Advanced reporting, SSO/SAML, webhooks
  • Enterprise - Custom pricing:
    • Unlimited everything
    • Dedicated support, SLA guarantees
    • Custom integrations and deployment options
    • On-premise deployment available

How to Upgrade

  1. Go to Settings > Billing
  2. Click "Upgrade Plan"
  3. Select your desired plan
  4. Enter payment details
  5. New features are available immediately

Tip: The Community plan is free forever and includes all 18+ compliance frameworks. It's a great way to evaluate the platform before upgrading.

How Do I Use the Risk Register?

Track, manage, and mitigate organizational risks with severity ratings and control linkage.

Creating a Risk Entry

  1. Navigate to Risk Register from the sidebar
  2. Click "Add New Risk"
  3. Enter the risk title and description
  4. Set severity rating (Critical, High, Medium, Low)
  5. Assign a risk owner
  6. Link related compliance controls
  7. Define mitigation strategy
  8. Click "Save"

Risk Management Features

  • Severity Ratings: Color-coded risk levels for quick prioritization
  • Control Linkage: Connect risks to specific compliance controls
  • Mitigation Tracking: Track mitigation status (Open, In Progress, Mitigated, Accepted)
  • Owner Assignment: Assign responsible parties for each risk
  • Risk Dashboard: Visual overview of all risks by severity and status

Tip: Link risks to compliance controls to demonstrate risk-based decision making during audits.

How Do I Generate Executive Reports?

Create professional, audit-ready executive compliance reports with trend analysis and recommendations.

Report Types

  • Executive Summary: High-level compliance overview with scores and key findings
  • Compliance Scorecard: Detailed per-framework scores and control status
  • Gap Analysis Report: Identified gaps with remediation recommendations
  • Risk Report: Organization-wide risk overview and mitigation status
  • Trend Report: 12-month compliance score history and improvements

Generating a Report

  1. Go to Reports from the sidebar
  2. Select the report type
  3. Choose frameworks and date range to include
  4. Click "Generate Report"
  5. Preview the report in-browser
  6. Export as PDF or DOCX with your organization's branding

Custom Report Builder

Use the drag-and-drop custom report builder to create tailored reports. Select which sections to include, reorder them, and add custom commentary for stakeholders.

Tip: Schedule recurring report generation for monthly board meetings or quarterly compliance reviews.

How Do I Use Policy Version Control?

Track policy changes over time with full version history, comparison tools, and the ability to revert changes.

How Version Control Works

Every time you save changes to a policy, CyberPolicyPilot creates a new version. Each version records:

  • The full policy content at that point in time
  • Who made the change
  • When the change was made
  • A version number (auto-incremented)

Viewing Version History

  1. Open a policy
  2. Click the "Version History" button
  3. Browse the list of all versions
  4. Click any version to preview its content

Comparing Versions

Use the side-by-side comparison tool to see exactly what changed between any two versions. Additions are highlighted in green, deletions in red.

Reverting to a Previous Version

  1. Open the version history
  2. Select the version you want to restore
  3. Click "Revert to This Version"
  4. A new version is created with the restored content

Tip: Version history is essential for audit trails. Auditors can verify when policies were created, updated, and by whom.
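The version model described in this article (content, author, timestamp, auto-incremented number; side-by-side comparison; revert that creates a new version rather than rewriting history), as an added Python example that is not the platform's code. The class name and the sample policy text are assumptions.

```python
"""Append-only policy version history (added example, hypothetical model)."""
import difflib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class PolicyVersion:
    number: int          # auto-incremented, never reused
    content: str         # full policy text at that point in time
    author: str          # who made the change
    saved_at: datetime   # when the change was made


class VersionedPolicy:
    def __init__(self, content: str, author: str, at: Optional[datetime] = None):
        self._versions = []
        self.save(content, author, at)

    def save(self, content: str, author: str, at: Optional[datetime] = None) -> PolicyVersion:
        """Every save appends a new version; earlier versions are never modified."""
        number = len(self._versions) + 1
        v = PolicyVersion(number, content, author, at or datetime.now(timezone.utc))
        self._versions.append(v)
        return v

    def version(self, number: int) -> PolicyVersion:
        return self._versions[number - 1]

    @property
    def current(self) -> PolicyVersion:
        return self._versions[-1]

    def compare(self, a: int, b: int) -> str:
        """Unified diff between two versions: '+' lines are additions, '-' deletions."""
        return "".join(difflib.unified_diff(
            self.version(a).content.splitlines(keepends=True),
            self.version(b).content.splitlines(keepends=True),
            fromfile=f"v{a}", tofile=f"v{b}"))

    def revert(self, number: int, author: str) -> PolicyVersion:
        """Restore old content as a *new* version so the audit trail stays intact."""
        return self.save(self.version(number).content, author)

    def history(self):
        return [(v.number, v.author, v.saved_at.isoformat()) for v in self._versions]


if __name__ == "__main__":
    # Constructed sample edits to a password policy.
    p = VersionedPolicy("Passwords must be at least 12 characters.\n", "alice")
    p.save("Passwords must be at least 14 characters.\n", "bob")
    print(p.compare(1, 2))
    p.revert(1, "alice")
    print(p.history())
```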

How Do I Set Up SSO/SAML Authentication?

Configure Single Sign-On with Okta, Azure AD, Google Workspace, or custom SAML 2.0 providers.

Supported SSO Providers

  • Okta: SAML 2.0 integration with auto-provisioning
  • Azure AD: Microsoft Entra ID integration
  • Google Workspace: Google SAML integration
  • Custom SAML 2.0: Any SAML 2.0 compatible identity provider

Setting Up SSO

  1. Go to Organization > Security > SSO/SAML
  2. Select your identity provider
  3. Enter the SSO configuration details:
    • Entity ID / Issuer URL
    • SSO Login URL
    • X.509 Certificate
  4. Configure attribute mapping (email, name, role)
  5. Test the SSO connection
  6. Enable SSO for your organization

Availability

SSO/SAML is available on Growth and Enterprise plans. Contact sales for SSO setup assistance.

Tip: After enabling SSO, you can optionally enforce SSO-only login to prevent password-based sign-in for enhanced security.

Understanding the Regulatory Update Feed

Stay informed about regulatory changes that affect your compliance posture with the built-in update feed.

What Is the Regulatory Update Feed?

The Regulatory Update Feed is a timeline of regulatory changes across all supported compliance frameworks. It helps you stay informed about new requirements, amendments, and enforcement updates.

Features

  • Timeline View: Chronological list of regulatory updates
  • Framework Filtering: Filter updates by specific frameworks
  • Impact Level Badges: Critical, High, Medium, and Low impact indicators
  • Affected Control Mapping: See which controls are impacted by each update
  • Action Recommendations: Guidance on what changes you need to make

Accessing the Feed

Navigate to Dashboard > Regulatory Updates to view the feed. You can also enable notifications to receive alerts for high-impact regulatory changes.

Tip: Subscribe to notifications for your primary compliance frameworks to stay ahead of regulatory changes that could affect your certification or audit readiness.

How Do I Delete My Account and Data?

Instructions for deleting your CyberPolicyPilot account and understanding GDPR-compliant data removal.

Before You Delete

Please consider the following before deleting your account:

  • All your policies, assessments, and reports will be permanently deleted
  • Organization data will be removed if you are the sole owner
  • Subscription will be cancelled and no refund will be issued for the current billing period
  • This action is irreversible after the grace period

Export Your Data First

  1. Go to Settings > Account > Export Data
  2. Click "Request Data Export"
  3. You'll receive a download link via email with all your data
  4. Download includes policies, assessments, reports, and audit logs

Deleting Your Account

  1. Go to Settings > Account
  2. Scroll down and click "Delete Account"
  3. Read the warning and confirm your understanding
  4. Enter your password (and 2FA code if enabled)
  5. Click "Permanently Delete My Account"

GDPR Compliance

CyberPolicyPilot is fully GDPR compliant. Your data will be completely removed from all systems within 30 days. You have a 30-day grace period to recover your account by signing back in.

Alternative: If you need a break, consider downgrading to the free Community plan instead of deleting your account. Your data will be preserved.