Free resources

13 free templates for AI security review.

Practical spreadsheets for security architects, AI governance leads, AppSec teams, and GRC owners. Each template includes lifecycle gates, evidence requirements, and a worked example.

12templates
300+controls mapped
9frameworks covered
AI Security Review3 templates

End-to-end review workflow — from system intake to disposition and sign-off.

Architecture security5 templates

Controls and checklists mapped to specific AI architecture patterns.

Governance & compliance3 templates

Framework alignment, inventory, and committee operating models.

Blog

Deeper context on the frameworks behind these templates.

The blog covers the reasoning behind ISO 42001 evidence, OWASP Agentic controls, EU AI Act classification, and AI security review methodology.

Browse the blog

Frequently asked

Frequently asked questions

Are these templates really free?
Yes. Enter your work email to download. You get the file immediately and will receive new posts from the blog when they publish. No paid plan required.
What format are the templates?
All templates are Excel spreadsheets (.xlsx). They open in Microsoft Excel, Google Sheets, Apple Numbers, or any spreadsheet tool. Each file includes a how-to guide tab and working columns for status, owner, and gap tracking.
Do the templates work on their own, without Drel?
Yes. They are fully standalone. Drel can automate the underlying security review that generates the same artefacts, but the spreadsheets work independently as manual tracking tools. Teams use them for pre-review work, committee submissions, and audit evidence.
Which template should I start with?
Start with the AI Security Review Template — it is the master workflow document and references the other templates. If your immediate need is a specific framework (OWASP LLM, ISO 42001, EU AI Act), go directly to that template.
Do these satisfy ISO 42001 or EU AI Act requirements?
They support the evidence requirements — the templates map to specific clauses and articles. Satisfying the requirements is a combination of completing the templates accurately, having legal and compliance review, and (for ISO 42001 certification) engaging an accredited certification body.
How often should I update the templates?
Per system and per re-assessment trigger. When the system changes (new model, new tool, scope expansion, vendor change), re-run the relevant template. Most organisations do a quarterly review pass on live AI systems.