When you select a template or use the DIY Creator, your inputs are combined with expert-crafted prompts through Google's Genkit framework. Our prompts incorporate:

• Industry Standards: NIST CSF, ISO 27001, SOC 2, CIS Controls
• Regulatory Requirements: GDPR, HIPAA, PCI-DSS, CCPA
• Best Practices: OWASP, SANS, MITRE ATT&CK

The AI processes this combined context to produce professional documents in Markdown format, optimized for accuracy, structure, and compliance relevance.

AI is a powerful tool that can significantly accelerate the document creation process. However, it's crucial to understand that AI-generated content is a starting point, not a final product.

Every generation opens as a live, editable Markdown document—so you can refine language, add organization-specific details, and iterate until it matches your requirements. We also save your generated documents so you can come back later to review, edit, and export without starting from scratch.

• Accuracy: While we strive for high accuracy, AI models can occasionally produce information that may not be perfectly up-to-date or universally applicable.
• Variation: The nature of generative AI means that results can vary slightly even with the same input.
• Context is Key: The quality of the output heavily depends on the clarity and specificity of the input you provide.
• Live Document: Treat the output as a working draft in Markdown that you can edit and tailor in real time.
• Saved for Later: Your generations are stored for future reference, edits, and export whenever you need them.

Always review and customize the generated documents to ensure they meet your specific organizational requirements, legal obligations, and industry standards.

An "AI hallucination" refers to instances where the AI generates information that is incorrect, nonsensical, or not grounded in the input data provided. While advanced models have reduced the frequency of hallucinations, they can still occur.

AI output is not legal advice and should not be treated as a substitute for review by qualified professionals.

Our Approach:

• Structured Prompts: We use carefully engineered prompts and provide context to guide the AI, minimizing the chance of irrelevant or inaccurate outputs.
• Template-Driven Generation: For many documents, generation is based on established templates, which helps maintain structure and relevance.
• Retry Mechanisms: Our backend includes mechanisms to retry generation if an initial attempt seems problematic, sometimes leading to better results.

Your Role:

• Critical Review: The most important step is to critically review all generated content. Compare it against known facts, your organization's specific context, and any applicable regulations.
• Compliance & Legal Review: Have your compliance officer and legal counsel validate regulatory interpretations, contractual language, and jurisdiction-specific obligations before relying on the document.
• Fact-Checking: Verify any specific claims, statistics, framework mappings, or legal references made by the AI.
• Program Implementation: Once approved, the CISO (or security leadership) should implement the content within the information security program, assign ownership, and establish a maintenance/review cadence.
• Customization: Use the AI-generated draft as a foundation and tailor it extensively.

Protecting sensitive information is paramount. When using CyberTemplates, please consider the following:

• User Input Responsibility:You are in control of the information you provide. Avoid inputting highly sensitive personal data (PII), confidential business secrets, or classified information directly into the free-text input fields. The AI will use the text you provide to generate the document.
• Data Processing:Your inputs are processed by Google's Generative AI models to create the document content. For details on how Google handles data submitted to its AI services, please refer to Google's official AI data usage and privacy policies.
• No Persistent Storage of Inputs by CyberTemplates:CyberTemplates itself does not store the specific textual inputs you provide for document generation beyond the active session required to generate and deliver the document to you. Once the document is generated and presented, your input text is not retained by our application servers.
• Focus on Customization Prompts, Not Raw Data:Instead of pasting large blocks of sensitive internal data, focus on providing clear instructions, company names (if comfortable), roles, objectives, and specific clauses or points you want to be included or modified based on the templates. For example, instead of pasting an entire sensitive internal report, instruct the AI to "Generate an incident response policy for a company named 'YourCompanyName' that includes sections on detection, containment, and post-incident review."
• Post-Generation Review:Thoroughly review the generated document to ensure no unintended sensitive details (that might have been inferred or generalized by the AI, however unlikely) are present before finalizing and distributing it.

We cannot stress enough the importance of customizing the AI-generated documents. The AI provides a robust and often comprehensive draft, but it's your expertise and organizational context that will transform it into a production-ready document.

• Review every section for accuracy and applicability.
• Adapt terminology to match your organization's language.
• Ensure compliance with all relevant legal and regulatory requirements specific to your industry and location.
• Consult with legal or cybersecurity professionals as needed.

CyberTemplates is designed to be your assistant, helping you get started quickly and efficiently, but the final responsibility for the document's content and suitability rests with you.