The SMB Cyber Trust Kit
protection your team will actually use
Four plain-language tools for small and medium businesses — simple policies, a risk heat-map, an incident communication script, and a guide to explaining cyber risk to non-technical people. Everything below is live and interactive, driven by an on-page Trust Advisor.
Simple policy templates
Eight fill-in-the-blank policies, personalised to your business name.
Risk heat-map
Score any risk on a 5×5 grid and see what to fix first.
Incident comms script
What to say — to staff, customers, regulators — and when.
Talk without jargon
Translate cyber risk into plain words leaders act on.
Cyber Trust Advisor
An on-page agent that works entirely from the kit. Ask it to score a risk, draft a policy, write an incident message, or explain a term in plain language. It never invents controls, prices, or legal thresholds.
How the agent stays trustworthy
- One source of truth. The advisor, this page, and the Python backend all read the same kit content.
- No fabrication. Answers come from the kit's policies, risk model, scripts, and glossary — nothing invented.
- Approval gates. Regulator and media messages are drafts that need human sign-off before they go out.
- Not legal advice. Breach-notification calls (PIPEDA / PHIPA) go to a qualified advisor.
Built for the way small teams actually work: plain words, one clear next step, and
templates you can copy in seconds. The full agent specification lives in
agents/smb_cyber_trust_kit/.
Risk Heat-Map Template
Score each risk as Likelihood × Impact (1–5 each). The colour is the band; the to-do order is worst-first. Click a cell to see the risks placed there, or move the sliders to score your own.
Starter register — your to-do order
The risks that actually hurt small businesses, scored and sorted worst-first. Edit the numbers for your business.
Simple Policy Templates
Eight short, plain-language policies. Type your business name and they fill in automatically — then copy or download. No legalese, just clear rules people will follow.
Communication During Incidents
The hardest part of an incident is knowing what to say. Pick who you're talking to and the phase you're in; the script appears with fill-in-the-blanks and the right approver.
How to Talk to Non-Technical People About Cyber Risk
Lead with the business, not the technology. Search the jargon translator, lift an analogy, and use the "what to say when…" scripts to get a yes from an owner or a board.
The principles
What to say when…
Take the kit — then make it real
Download the templates and use them today. When you're ready to put the controls in place, ClearGlass runs fixed-scope hardening, posture reviews, and PHIPA-readiness work for Ontario businesses.
The ClearGlass SMB Cyber Trust Kit provides practical guidance, not legal advice. Breach-notification obligations under PIPEDA and PHIPA depend on the facts — confirm specifics with a qualified privacy or legal advisor before notifying regulators or individuals.