Document types¶
Supported document types in the Writing Studio.
The Studio supports a defined set of governance document types, grouped by audience and purpose. Each type has a standard structure and use case. Detailed references live in the document-types section; this page is the catalog and index.
Executive and board communication¶
Documents for board, executive leadership, and strategic decision-making.
| Document type | Purpose | Reference |
|---|---|---|
| Board Security Brief | Short, high-level security status and key risks for the board. | board-security-brief.md |
| Executive Security Risk Summary | Consolidated view of security risks and mitigation for executives. | executive-security-risk-summary.md |
| Security Program Status Report | Program health, metrics, and progress for leadership. | security-program-status-report.md |
| Strategic Security Initiative Justification | Business case and rationale for a major security initiative. | strategic-security-initiative-justification.md |
Regulatory and compliance documentation¶
Documents for regulators, auditors, and compliance justification.
| Document type | Purpose | Reference |
|---|---|---|
| Regulatory Security Explanation | Explain security posture and controls to a regulator. | regulatory-security-explanation.md |
| Compliance Justification Document | Justify how controls meet a specific requirement or framework. | compliance-justification-document.md |
| Security Control Implementation Explanation | Describe how a control is implemented and evidenced. | security-control-implementation-explanation.md |
| Governance Response Memo | Respond to an audit or regulatory request on governance. | governance-response-memo.md |
Legal-technical analysis¶
Documents that bridge technical facts and legal or counsel needs.
| Document type | Purpose | Reference |
|---|---|---|
| Technical Evidence Narrative | Chronological, factual narrative of an incident for legal/litigation. | technical-evidence-narrative.md |
| Security Architecture Explanation for Legal Review | Explain architecture and controls for counsel review. | security-architecture-explanation-legal-review.md |
| Security Risk Justification Memo | Justify risk acceptance or mitigation for legal/audit. | security-risk-justification-memo.md |
| Security Decision Documentation | Record a significant security decision and rationale. | security-decision-documentation.md |
Policy and governance writing¶
Internal policy, governance, and program documentation.
| Document type | Purpose | Reference |
|---|---|---|
| Security Policy Draft | Draft or update an enterprise security policy. | security-policy-draft.md |
| Security Governance Memo | Define or clarify governance (roles, committees, escalation). | security-governance-memo.md |
| Security Program Justification | Justify program scope, resourcing, or structure. | security-program-justification.md |
| Internal Security Directive | Directive or mandate from leadership on security. | internal-security-directive.md |
Public communication support¶
Documents for external audiences: customers, public statements, transparency.
| Document type | Purpose | Reference |
|---|---|---|
| Security Public Statement Draft | Draft for press, blog, or public breach/incident statement. | security-public-statement-draft.md |
| Customer Security Explanation | Explain a security topic or incident to customers. | customer-security-explanation.md |
| Security Transparency Report Section | Section for an annual or ad-hoc transparency report. | security-transparency-report-section.md |
How to use this catalog¶
- Match your trigger — Use Workflows to see which document types apply to your situation.
- Open the reference — Follow the link to the detailed page for structure, audience, and tips.
- Draft — Use the structure and guidance; in premium, use templates and generation support.
- Review — Align with evidence and primary sources; get appropriate sign-off.
All document types are designed to support evidence readiness and defensibility—so what you produce can be traced to controls and facts that regulators and counsel expect.