The most comprehensive GRC prompt library on GitHub. 45 engineered prompts across 13 domains. ISO 42001, ISO 27001, EU AI Act, NIST AI RMF, GDPR, DORA, and more. Built by a GRC practitioner. For GRC practitioners.
Download Excel Workbook ย |ย Browse All Prompts ย |ย When to Use What ย |ย Follow on LinkedIn
|
Engineered, not typed. Every prompt has a role instruction, XML context block, sequenced steps, and an output format constraint. The difference between an output you can use and one you have to rewrite is prompt engineering. This library does that for you. 45 prompts. 13 domains. Risk Management, Compliance, Audit, AI Governance, Third-Party Risk, Incident Response, Business Continuity, Board Reporting, Policy Writing, Training, Implementation, and more. Every major framework covered. ISO 42001, ISO 27001, NIST AI RMF, EU AI Act, GDPR, DORA, SOC 2, NIST CSF, ISO 31000, FAIR, CRISC, CISA, CISM, CISSP. |
Three skill levels.
Works across all major LLMs. Claude (Anthropic), GPT-4o (OpenAI), Gemini (Google). The XML structure is especially effective with Claude. Hard output constraint in every prompt. Every prompt includes a CRITICAL OUTPUT RULE that prevents AI models from using em dashes, keeping all generated content clean and consistent. |
No other GRC prompt library has these.
Most GRC libraries stop at frameworks and audits. This one goes further.
| # | Prompt | What It Does |
|---|---|---|
| 38 | GRC Certification Study Plan Builder | Week-by-week study plan for CRISC, CISA, CISM, CISSP, ISO 42001 and more |
| 39 | GRC Career Pathway Advisor | Personalised roadmap from your current role to your target role |
| 40 | GRC Interview Preparation Coach | Realistic questions, model answers, specific concern coaching |
| 41 | GRC Certification Exam Simulator | Exam-standard practice questions with why-wrong explanations |
| 42 | GRC Professional Development Plan Writer | Genuinely SMART objectives with evidence standard for appraisal |
| 43 | GRC Salary and Market Positioning Analyser | Percentile ranges, negotiation strategy, alternative levers |
| 44 | GRC Resume Architect (ATS Killer) | Build a GRC resume that passes automated screening and stops recruiters scrolling |
| 45 | GRC Company and Startup Founder Mentor | The strategic mentor most GRC founders cannot afford to hire, in a single prompt |
1. Find your prompt in the table below or use the Decision Tree
2. Copy the full prompt text from the .md file
3. Replace every [VARIABLE] with your specific information
4. Paste into Claude, GPT-4o, Gemini, or any capable LLM
The golden rule: Vague variables produce generic outputs.
[ORGANISATION]: large bankproduces something generic.[ORGANISATION]: mid-size UK retail bank, FCA and PRA regulated, 2,400 employees, deploying AI in credit underwritingproduces something you can put in a board pack.
Download the GRC Prompt Library Excel Workbook - all 45 prompts in a fully designed, navigable format:
- Cover sheet with domain overview and career prompt highlights
- Contents grouped by domain with click-through hyperlinks
- Decision Tree: situation-to-prompt navigation guide
- Domain colour coding across 13 categories
- Back-to-contents and cross-navigation on every prompt sheet
| # | Prompt | Level |
|---|---|---|
| 01 | AI Risk Register Builder | Practitioner |
| 02 | Operational Risk Assessment | Practitioner |
| 03 | Remediation Plan Builder | Practitioner |
| 04 | Quantitative Risk Modelling Assistant (FAIR) | Advanced |
| # | Prompt | Level |
|---|---|---|
| 05 | Regulatory Gap Analysis | Practitioner |
| 06 | Regulatory Obligation Mapper | Practitioner |
| 07 | Data Protection Impact Assessment (DPIA) Writer | Practitioner |
| 08 | Master Controls Mapper | Practitioner |
| 09 | Privacy Notice and Consent Mechanism Drafter | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 10 | Audit Finding and Recommendation Writer | Advanced |
| 11 | Control Design and Test Script Writer | Practitioner |
| 12 | Compliance Evidence Checklist Generator | Practitioner |
| 13 | Control Self-Assessment (CSA) Questionnaire | Essential |
| 14 | Tabletop Exercise Facilitator Guide | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 15 | AI Policy Drafter | Practitioner |
| 16 | AI Explainability (XAI) Translator | Advanced |
| 17 | Shadow AI Discovery Interviewer | Essential |
| 18 | Data Lineage and Provenance Auditor | Practitioner |
| 19 | Human-in-the-Loop (HITL) Workflow Architect | Practitioner |
| 20 | AI Governance Implementation Roadmap | Advanced |
| # | Prompt | Level |
|---|---|---|
| 21 | ISO 27001 Control Gap Assessor | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 22 | AI Vendor Risk Assessment | Practitioner |
| 23 | Supplier Contract Clause Generator | Advanced |
| 24 | Third-Party Ongoing Monitoring and Review | Practitioner |
| 25 | Third-Party Due Diligence Questionnaire (DDQ) Builder | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 26 | AI Incident Response Playbook | Advanced |
| 27 | Cyber Security Incident Report Writer | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 28 | Business Continuity Plan (BCP) Builder | Practitioner |
| # | Prompt | Level |
|---|---|---|
| 29 | AI Governance Board Briefing | Advanced |
| 30 | Risk and Compliance Committee Report | Advanced |
| # | Prompt | Level |
|---|---|---|
| 31 | Universal Policy Maker | Practitioner |
| 32 | GRC Job Description Writer | Essential |
| # | Prompt | Level |
|---|---|---|
| 33 | GRC Training Scenario Generator | Essential |
| 34 | AI Literacy Assessment Generator | Essential |
| # | Prompt | Level |
|---|---|---|
| 35 | Framework Implementation Assistant | Advanced |
| 36 | GRC Implementation Mentor (Conversational Coach) | Advanced |
| 37 | GRC Implementation Consultant (Deliverable Generator) | Practitioner |
No other GRC prompt library has these.
| # | Prompt | Level |
|---|---|---|
| 38 | GRC Certification Study Plan Builder | Essential |
| 39 | GRC Career Pathway Advisor | Essential |
| 40 | GRC Interview Preparation Coach | Essential |
| 41 | GRC Certification Exam Simulator | Essential |
| 42 | GRC Professional Development Plan (PDP) Writer | Essential |
| 43 | GRC Salary and Market Positioning Analyser | Essential |
| 44 | GRC Resume Architect (ATS Killer) | Practitioner |
| 45 | GRC Company and Startup Founder Mentor | Advanced |
Not sure which prompt fits your situation? Use the full Decision Tree or scan this quick reference:
| Situation | Prompt |
|---|---|
| Building a risk register | 01 |
| Gap assessment against a regulation | 05 |
| Writing an audit finding | 10 |
| Drafting an AI governance policy | 15 |
| AI vendor due diligence | 22 |
| Stuck implementing a framework | 35 or 36 |
| Writing a board paper | 29 |
| DPIA for a new system | 07 |
| Supplier DDQ | 25 |
| Preparing for a GRC interview | 40 |
| Building a certification study plan | 38 |
| Starting a GRC consultancy | 45 |
Full guide with all 45 situations: DECISION_TREE.md
Every prompt in this library follows this format:
<role>
Senior domain expert with specific credentials and 15-20 years of experience.
</role>
<context>
[VARIABLE_ONE] - What to replace this with
[VARIABLE_TWO] - What to replace this with
</context>
<instructions>
Step 1: Diagnostic. Assess the situation before producing anything.
Step 2: Main production step with specific rules.
Step 3: Output refinement or summary.
</instructions>
<output_format>
Specific format instructions. Write in British English. No em dashes.
CRITICAL OUTPUT RULE: Never use em dashes (the โ character) anywhere in your response.
Replace every em dash with a comma, a colon, or rewrite the sentence. This rule has no exceptions.
</output_format>GRC-Prompt-Library/
โโโ README.md
โโโ LICENSE
โโโ CONTRIBUTING.md
โโโ GRC Prompt Library Kunal.xlsx # Full Excel workbook (all 45 prompts)
โโโ prompts/
โโโ DECISION_TREE.md # Situation-to-prompt guide
โโโ 01-risk-management/ # Prompts 01-04
โโโ 02-compliance/ # Prompts 05-09
โโโ 03-audit-and-assurance/ # Prompts 10-14
โโโ 04-ai-governance/ # Prompts 15-20
โโโ 05-information-security/ # Prompt 21
โโโ 06-third-party-risk/ # Prompts 22-25
โโโ 07-incident-response/ # Prompts 26-27
โโโ 08-business-continuity/ # Prompt 28
โโโ 09-board-reporting/ # Prompts 29-30
โโโ 10-policy-writing/ # Prompts 31-32
โโโ 11-training-and-awareness/ # Prompts 33-34
โโโ 12-implementation/ # Prompts 35-37
โโโ 13-career-and-development/ # Prompts 38-45
Contributions welcome. See CONTRIBUTING.md for guidelines.
Used a prompt in real work and improved it? Open a PR. Found a GRC use case not covered? Open an issue.
Built by Kunal RK under the GRC + AI Series brand.
GRC consultant, practitioner, and independent content creator. Covering ISO 42001, ISO 27001, EU AI Act, NIST AI RMF, GDPR, DORA, and all major GRC frameworks.
MIT. Use freely, commercially, without restriction. Attribution appreciated but not required.
If this library saves you time, give it a star. If it saves your team time, share it.
