Reports, frameworks, and working references written for chief compliance officers, IT leads, and managing partners at SEC-registered advisers. Every document is free to read. PDFs download in exchange for an email — the same address that receives the BrainTrust newsletter.
Four documents covering the full arc of SEC cybersecurity compliance — from understanding what examiners expect, to building the program, to governing AI, to stress-testing your readiness.
What SEC cybersecurity examinations actually ask for, drawn from published deficiency findings and the documentation requests firms receive before an exam. Covers the regulatory framework, a full aggregation of real examination requests, and a 2023 examination notice reproduced in full.
Read & download → Blueprint · OperationsA three-phase operations guide for the person responsible for running cybersecurity compliance at an RIA — whether CCO, IT lead, or COO. Phase 1 covers immediate foundation. Phase 2 covers ongoing operations. Phase 3 covers continuous improvement. Includes checklists, deliverables, and evidence cadences for each phase.
Read & download → Framework · 2026Nine controls for governing AI use at an RIA, mapped to Rule 206(4)-7, Reg S-P, and the SANS and NIST AI Risk Management frameworks. Covers governance, access controls, data protection, deployment strategy, inference security, monitoring, and regulatory alignment.
Read & download → Audit · SimulationA structured tabletop simulation of an SEC cybersecurity examination — the request-for-information letter, the documentation categories examiners pull, and the controls they expect to verify. Use it to identify gaps before an examiner does.
Read & download →What a compliant P&P manual must cover, how to structure it, and the evidence it needs to generate. The full template — including the Reg S-P revision — is available to BrainTrust Premium subscribers.
Read the guide → Calendar · ChecklistThe recurring obligations an SEC-registered adviser carries through the year — annual reviews, filings, ADV deliveries, and the cybersecurity tasks that sit alongside them, organized by quarter.
View & download → ReferenceA practitioner breakdown of SEC, FINRA, NYDFS, and state cybersecurity rules — each rule reduced to its obligation, the control that satisfies it, and the evidence an examiner expects.
Open reference →Positions on SEC cybersecurity enforcement, MSP dependency, vendor concentration, and the practical side of running a defensible compliance program. Each piece takes a view rather than summarizing the news.
BrainTrust Free delivers the newsletter and the starter template library to your inbox. No charge, and the same email unlocks every PDF on this page.
Join BrainTrust Free