# AgileCT Cyber Insurance Evidence Pack Template

This template is the working structure for a paid Cyber Insurance Readiness Review or Evidence Pack engagement. It is designed for broker and underwriter conversations, not as legal or insurance advice.

## 1. Executive Summary

| Item | Summary |
| --- | --- |
| Client |  |
| Renewal or application deadline |  |
| Broker / carrier / form |  |
| Review period |  |
| Overall readiness | Ready / Needs remediation / Urgent gaps |
| Primary risks |  |
| Recommended next step |  |

## 2. Business Risk Profile

| Area | Notes |
| --- | --- |
| Employee count and locations |  |
| Sensitive data handled | Client data / health data / payment data / employee data / other |
| Critical systems |  |
| Cloud services |  |
| Remote access model |  |
| Critical third parties |  |
| Recent business changes |  |
| Prior incidents or near misses |  |

## 3. Carrier Question Mapping

| Carrier question | Control family | Current answer | Evidence | Owner | Date | Also supports customer questionnaire? | Gap / note |
| --- | --- | --- | --- | --- | --- | --- | --- |
|  | MFA |  |  |  |  | Yes / No / Needs review |  |
|  | Endpoint protection |  |  |  |  | Yes / No / Needs review |  |
|  | Backups |  |  |  |  | Yes / No / Needs review |  |
|  | Patch management |  |  |  |  | Yes / No / Needs review |  |
|  | Email security |  |  |  |  | Yes / No / Needs review |  |
|  | Incident response |  |  |  |  | Yes / No / Needs review |  |
|  | Security training |  |  |  |  | Yes / No / Needs review |  |
|  | Vendor risk |  |  |  |  | Yes / No / Needs review |  |

## 4. Evidence Inventory

| Evidence item | Acceptable proof | Status | Owner | Freshness target |
| --- | --- | --- | --- | --- |
| MFA enforcement report | Identity provider export or admin screenshot | Missing / partial / ready | IT / MSP | Within 30 days |
| EDR coverage report | EDR console export showing devices covered | Missing / partial / ready | IT / MSP | Within 30 days |
| Backup configuration | Backup policy, job report, immutable/offline proof | Missing / partial / ready | IT / MSP | Within 30 days |
| Restore test result | Test date, system restored, outcome, issues | Missing / partial / ready | IT / MSP | Within 90 days |
| Patch compliance report | RMM or vulnerability report with SLA status | Missing / partial / ready | IT / MSP | Within 30 days |
| Email authentication | SPF, DKIM, DMARC records and policy | Missing / partial / ready | IT / MSP | Current DNS check |
| Incident response plan | Current plan with named roles and contacts | Missing / partial / ready | Leadership / IT | Reviewed within 12 months |
| Tabletop notes | Scenario, participants, decisions, follow-up actions | Missing / partial / ready | AgileCT / client | Within 12 months |
| Training completion | Completion report and phishing simulation summary | Missing / partial / ready | HR / IT | Within 12 months |
| Vendor inventory | Critical vendor list and review evidence | Missing / partial / ready | Operations / IT | Within 12 months |

## 5. Gap Roadmap

| Finding ID | Priority | Gap | Why it matters for underwriting | Recommended action | Owner | Target wave | Validation evidence |
| --- | --- | --- | --- | --- | --- | --- | --- |
|  | Must fix |  |  |  |  | Days 1-30 |  |
|  | Renewal supporting |  |  |  |  | Days 31-60 |  |
|  | Next quarter |  |  |  |  | Days 61-90 |  |

### 30/60/90 Remediation Waves

| Wave | Focus | Typical work | Exit evidence |
| --- | --- | --- | --- |
| Days 1-30 | Stabilize urgent and easily exploitable gaps | MFA, missing patches, exposed admin access, weak credentials, backup proof, policy gaps blocking submission | Updated configuration, screenshots, reports, owner sign-off |
| Days 31-60 | Coordinate complex fixes | Code, network, vendor, MSP, or change-window items that need cross-team planning and retesting | Change record, test result, post-fix evidence tied to finding ID |
| Days 61-90 | Validate, harden, and govern | Lower-risk items, configuration hardening, credential rotation, documentation cleanup, follow-up planning | Final verification, evidence index update, quarterly review item |

### Exception Register

| Finding ID | Rationale for deferral | Temporary control | Owner | Expiry date | Review cadence |
| --- | --- | --- | --- | --- | --- |
|  |  |  |  |  | Weekly / monthly |

## 6. Broker-Ready Summary

Use plain language. Do not overstate a control. If a control is partial, describe the current scope and remediation date.

### Current Strengths

- 
- 
- 

### Known Gaps and Remediation Plan

- 
- 
- 

### Evidence Attached

- 
- 
- 

## 7. Renewal Timeline

| Timing | Workstream |
| --- | --- |
| 90-120 days before renewal | Outside-in checks, business change review, previous application comparison |
| 60-90 days before renewal | Guided evidence collection and owner assignment |
| 30-60 days before renewal | Evidence mapping, gap summary, broker-ready package |
| At renewal | Submit package with application and track underwriter follow-up |
| Between renewals | Quarterly evidence refresh and control drift review |

## 8. AgileCT Follow-On Options

| Option | When to recommend |
| --- | --- |
| Remediation sprint | Gaps affect a near-term renewal deadline |
| Incident response tabletop | IR plan exists but has not been tested |
| Policy and procedure package | Written evidence is missing or outdated |
| MFA / endpoint / backup implementation support | Technical controls are partial or not deployed |
| Quarterly readiness retainer | Client wants evidence kept current between renewals |