Free Tools

Free Cybersecurity Tools for CISOs and Security Teams

Pick the artifact you need, run the browser-based tool, and leave with something useful: a questionnaire, requirements map, risk register, matrix, or readiness snapshot. No account required, and each tool is paired with GreenHat guidance so the output is easier to interpret.

Start With Vendor Risk Browse Resources

Tool Finder

What are you trying to produce?

Choose the closest job to be done. The page will take you straight to the tool that creates the right artifact.

Figure out what requirements apply

Map Canadian privacy, cyber, sector, procurement, and contract signals before leadership asks for a plan.

Requirements summaryOpen tool

Review a vendor before access

Turn onboarding, renewal, privileged access, or sensitive data sharing into a structured vendor review.

Vendor review PDFOpen tool

Show risk to leadership

Build a lightweight register, customize likelihood and impact, and export a risk matrix for discussion.

Risk register and matrixOpen tool

Assess an AI vendor or workflow

Check data use, retention, model behavior, logging, governance, and incident response before approval.

AI risk questionnaireOpen tool

Start a quantum readiness conversation

Score PQC planning, cryptographic inventory, crypto agility, vendor readiness, and HNDL exposure.

CSV + PDF readiness snapshotOpen tool

No account required

Open the tool, answer what you know, and leave without a login wall.

Answers stay in your browser

Most tools keep working data local until you choose to export or continue.

Built for CISO artifacts

Outputs are designed for vendor reviews, risk conversations, requirements maps, and readiness planning.

Most Useful Starting Points

Start With The Artifact You Need

These tools are designed around common CISO workflows: understanding obligations, reviewing vendors, and converting findings into risk decisions leadership can act on.

Each starting point links to a tool and a related guide, so the output has context instead of becoming another orphaned spreadsheet.

Step 1

Map requirements

Start with the obligations and pressure signals that shape the security program.

Recommended tool

Cybersecurity and Privacy Requirements for Your Organization

Output: Requirements summary

Start Questionnaire

Step 2

Collect evidence

Use the vendor security assessment questionnaire when third parties touch systems or sensitive data.

Recommended tool

Vendor Security Assessment Questionnaire Template

Output: Browser-local PDF

Open Assessment Template

Step 3

Prioritize risk

Translate findings into a risk register and matrix that leadership can actually use.

Recommended tool

Cyber Risk Matrix Builder

Output: CSV + printable matrix

Build Risk Matrix
Tool Library

Tool Library

Browse every browser-based GreenHat tool, including questionnaires, assessments, and builders that keep answers local until the user exports or moves forward.

Vendor Risk10-15 minutes

Vendor Security Assessment Questionnaire Template

Review vendor access, evidence, monitoring, resilience, secure development, and incident response before onboarding or renewal.

Best when

Use before granting privileged access, sensitive data sharing, or critical vendor dependency.

Output

Browser-local PDF

Data handling

Answers stay in your browser until export.

Open Assessment Template Read the risk assessment guide
Regulatory Mapping5-8 minutes

Cybersecurity and Privacy Requirements for Your Organization

Map Canadian cybersecurity and privacy requirements by province, sector, data type, contracts, and customer pressure.

Best when

Use when leadership asks which Canadian cyber and privacy requirements apply to the organization.

Output

Requirements summary

Data handling

No account required; answers stay in the browser session.

Start Questionnaire Read the Bill C-8 guide
Risk Register10-20 minutes

Cyber Risk Matrix Builder

Create a lightweight risk register, customize likelihood and impact criteria, view a 5x5 matrix, and export the register.

Best when

Use when you need a leadership-ready risk register without inventing a scoring model from scratch.

Output

CSV + printable matrix

Data handling

Risks stay in your browser until export.

Build Risk Matrix Read the risk assessment guide
AI Governance8-12 minutes

Generative AI Risk Questionnaire

Evaluate AI vendors and internal AI implementations across data use, retention, model behavior, logging, governance, and incident response.

Best when

Use when a team wants to adopt a new AI tool or connect AI to sensitive workflows.

Output

Browser-local PDF

Data handling

No account required; responses remain local.

Access AI Tool Read the AI questionnaire guide
Quantum Readiness8-12 minutes

Quantum Readiness Assessment

Score post-quantum cryptography readiness, harvest-now-decrypt-later exposure, cryptographic inventory, crypto agility, and vendor readiness.

Best when

Use when you need an early PQC roadmap conversation with IT, security, procurement, and vendors.

Output

CSV + PDF

Data handling

No account required; responses stay local until export.

Start Assessment Read the quantum readiness guide

Need help interpreting the output?

Use the exports as a starting point. GreenHat can help turn results into priorities, owners, evidence routines, and board-ready next steps.

Book a Briefing