1. Compliance Analysis: Detailed analysis of compliance with specific regulations or standards, used when the organization needs to demonstrate regulatory compliance

2. Business Impact Analysis: Assessment of potential business impacts of identified risks, included when detailed business continuity planning is required

3. Cost-Benefit Analysis: Financial analysis of proposed controls and treatments, used when detailed financial justification is needed

4. Third-Party Risk Assessment: Evaluation of risks associated with vendors and service providers, included when significant third-party dependencies exist

5. Cloud Security Assessment: Specific analysis of cloud-based services and associated risks, used when cloud services are a significant part of the IT infrastructure

6. Privacy Impact Assessment: Detailed privacy risk analysis, included when processing sensitive personal information

7. Data Classification Review: Detailed review of data classification and handling requirements, used when dealing with sensitive or regulated data

1. Risk Register: Detailed log of all identified risks, their assessments, and treatment plans

2. Control Framework Mapping: Mapping of controls to relevant frameworks (e.g., ISO 27001, Essential Eight)

3. Technical Vulnerability Report: Detailed technical findings from vulnerability assessments and penetration tests

4. Asset Register: Detailed inventory of all IT assets including classifications and owners

5. Risk Assessment Matrix: Detailed risk scoring criteria and evaluation matrices

6. Action Plan Template: Template for documenting and tracking risk treatment actions

7. Compliance Checklist: Detailed compliance requirements and current status

8. Security Architecture Diagrams: Technical diagrams showing security controls and system architecture

9. Incident Response Procedures: Procedures for responding to identified high-risk scenarios