Frequently Asked Questions

Use our Start Here product finder — answer 3 questions and get a personalised recommendation with reasoning. Or browse the product comparison table showing all 13 products with pricing, document counts, and app availability at a glance.

Complete documents with substantive content. Every policy includes specific requirements, defined roles, technical parameters, and framework mappings. Every procedure includes step-by-step instructions with decision criteria. You customise existing professional content rather than writing from scratch. Download our free samples to see the quality before you buy.

Yes. The documentation is designed to produce the evidence set auditors expect. Framework mappings in every governance document trace requirements to specific controls. Evidence trackers map artefacts to framework clauses. Products like the SOC 2 Readiness Suite, CMMC Toolkits, and Information Security Policy Suite are specifically structured around the audit criteria your assessor evaluates.

Four products include browser-based applications: the Risk Management Toolkit, Information Security Policy Suite, AI Security Toolkit, and Zero Trust Implementation Toolkit. These apps provide interactive dashboards, data management, AI-powered features, and export capabilities beyond what static documents offer. All other products are documentation toolkits — professionally written DOCX and XLSX files you customise and deploy. Both types are complete and functional on their own.

GRC platforms are subscription-based SaaS tools designed for ongoing compliance management — typically $10,000–$100,000+/year with implementation projects and platform lock-in. Ridgeline products are one-time purchases that give you ownership of your documentation and tools. Your data stays in your browser (for apps) or in your own files (for documents). If you outgrow Ridgeline, every piece of data exports cleanly. We're built for organisations that need professional governance without the subscription overhead.

We don't currently offer pre-packaged bundles, but products are designed to work together. The Start Here guide recommends product combinations based on your goals. If you're purchasing multiple products for your organisation, contact us to discuss your requirements.

Across the full product line: ISO 27001:2022, ISO 22301:2019, ISO 31000:2018, ISO 42001, NIST CSF 2.0, NIST AI RMF 1.0, NIST SP 800-171, CIS Controls v8, SOC 2 (Trust Services Criteria), CMMC 2.0, PCI-DSS 4.0, GDPR, DORA, CCPA/CPRA, EU AI Act, and OWASP Top 10 for LLM Applications 2025. Each product page lists its specific framework mappings.

No installation required. Each app is a single HTML file that opens in any modern browser (Chrome, Edge, Firefox, Safari). Double-click the file and it runs — no server, no internet connection, no account. Your data is stored in your browser's local storage and can be exported as JSON at any time for backup or migration.

Your data never leaves your browser. Everything is stored in browser localStorage on your device — nothing is transmitted to any server, including ours. The Risk Management Toolkit offers optional AES-256-GCM encryption at rest with a passphrase you set. You can export complete backups as JSON files for version control and disaster recovery. This is fundamentally different from cloud-based GRC platforms where your data lives on their servers.

AI features are built into the apps at no extra cost. You have two options: bring your own API key (BYOK) for Claude or OpenAI to get frontier model quality, or use the built-in local AI (WebLLM via WebGPU) which runs entirely in your browser at zero cost with zero data leaving your device. AI features include description generators, recommendation engines, gap analysis, and executive summary writers. Every product works fully without AI — the features are additive, not dependencies.

Yes, completely. The apps are self-contained HTML files with no external dependencies. Open the file in your browser and everything works — dashboards, data entry, exports, calculations, and scoring. The only feature that requires internet is BYOK AI calls, which go directly from your browser to your chosen API provider. Local AI (WebLLM) also works offline once the model is loaded.

Yes. Copy the HTML file to any device and open it in a browser. Since data lives in browser localStorage, each browser maintains its own data. Use the JSON export/import feature to move data between devices or browsers. Export from your work laptop, import on your home machine — the process takes seconds.

Governance documents (policies, standards, procedures, plans) are Microsoft Word (.docx). Trackers, dashboards, assessment tools, and scoring engines are Microsoft Excel (.xlsx). Apps are single HTML files. Guides are provided in both Word and PDF. All use standard fonts and formatting compatible with Microsoft Office, Google Workspace, and LibreOffice.

Yes. All DOCX files open and edit in Google Docs. All XLSX files open and edit in Google Sheets. Formatting, tables, and conditional formatting transfer cleanly. The apps run in Chrome and don't require any office suite.

The apps export to XLSX (risk registers, control matrices, evidence trackers), CSV (raw data), JSON (full backup and portability), and PPTX (board decks and executive presentations). Exports include your organisation's branding when configured.

Yes. The apps accept JSON imports from backups. If you have existing risk data in spreadsheets, you can enter it through the app's interface. The Risk Management Toolkit also supports importing data from the legacy standalone toolkits (Risk Assessment Toolkit, BIA Suite, Vendor Risk Management System).

Yes. The licence covers your organisation. Share the documentation files with anyone on your team — security analysts, IT managers, compliance officers, executives. There's no per-seat limit on who can read, use, or reference the documents within your organisation.

Standard licences cover one organisation. MSPs, consultancies, and resellers serving multiple clients should contact us for multi-use licensing options.

Yes — modification is expected and encouraged. All documents are fully editable. Placeholder fields are marked with [brackets] for easy customisation. Replace branding with your organisation's logo, colors, and formatting. The documents become yours.

Immediate download. After payment, you receive a download link via email and can access files directly from your order confirmation page. Everything arrives as a ZIP file containing all documents, apps, and guides organised in a clear folder structure with a START_HERE guide.

Major framework updates (new NIST versions, ISO revisions, OWASP updates) trigger product updates within 90 days. Customers receive email notifications when updates are available. This is a key advantage of the one-time purchase model — you get updates without an ongoing subscription.

Credit and debit cards (Visa, Mastercard, American Express) via our secure payment processors. Product purchases are processed through Lemon Squeezy. Implementation services are invoiced via Stripe. All prices are in USD. We never see or store your card details.

All products are digital downloads. By purchasing and downloading, you consent to immediate delivery and waive your statutory right to cancel. Refunds are available for defective products. See our full Refund Policy.

Yes. All customers can contact us with product questions, implementation guidance, or technical issues. We typically respond within one business day.