System Architecture Document

Draft a system architecture document for [system or application name] at [company name]. System overview (describe in plain language): [what this system does, who uses it, and why it matters] Components to document: - Frontend / user interface: [describe or list technologies] - Backend / application layer: [describe or list] - Database layer: [describe — type, hosting, data stored] - Integrations: [list external systems or APIs connected to this system] - Infrastructure: [cloud provider, hosting environment, key services used] - Authentication and authorization: [how users log in and what controls access] Document sections: 1. System overview (purpose, scope, primary users) 2. Architecture diagram description (describe the components and how they connect — suitable for a diagram tool) 3. Component descriptions (1–2 paragraphs per component) 4. Data flow: how data moves through the system for the 2–3 primary use cases 5. Security architecture: authentication, authorization, encryption, and key controls 6. Scalability and availability design 7. Known limitations and technical debt 8. Glossary of technical terms Audience: IT team, new engineers, and audit. Tone: precise but readable.

IT Runbook for Common Procedures

Create an IT runbook for [procedure name, e.g., "New Employee Provisioning," "Server Patching," "Incident Response"]. System or process involved: [name] Audience: [e.g., IT help desk, on-call engineers, IT administrators] Frequency: [e.g., daily, on-demand, monthly] Runbook sections: 1. Purpose and scope: what this runbook covers and when to use it 2. Prerequisites: required access, tools, and permissions 3. Step-by-step procedure: numbered steps with exact commands, UI paths, or actions - Include conditional steps (if X then do Y) - Include verification steps to confirm each stage completed successfully 4. Rollback procedure: how to undo changes if something goes wrong 5. Common errors and resolutions: 3–5 specific errors with causes and fixes 6. Escalation: who to contact and when if the runbook doesn't resolve the issue 7. Change log: table for tracking updates to the runbook Use precise language. Include exact system names, field names, and expected outputs. Avoid vague steps like "configure the settings."

Technology Decision Memo

Write a technology decision memo documenting the rationale for [technology decision, e.g., "selecting AWS over Azure," "adopting a microservices architecture," "choosing PostgreSQL over MongoDB"]. Decision: [describe the technology choice made] Decision date: [date] Decision makers: [names/roles] Context: [what problem or need prompted this decision? 1–2 sentences] Memo sections: 1. Decision summary (what was decided — 1 paragraph) 2. Problem statement (why a decision was needed — specific, not vague) 3. Options evaluated (list 3–4 alternatives considered) 4. Evaluation criteria (list 4–6 criteria used — e.g., cost, security, scalability, team expertise, vendor support) 5. Comparison table (options in rows, criteria in columns — note how each option performed) 6. Rationale for the chosen option (3–4 sentences explaining why this option won) 7. Trade-offs and risks accepted (what we gave up or risks we're taking on) 8. Implementation notes and next steps 9. Review date (when will this decision be revisited?) Audience: CTO, engineering leads, audit. This memo should be durable and useful in 2 years.

AI Vendor Security Review Brief

You are helping an IT leader evaluate an AI vendor. Draft a structured security and privacy review brief covering: (1) data handling and storage practices, (2) access controls and authentication requirements, (3) compliance certifications relevant to our industry, (4) incident response and breach notification procedures, (5) data retention and deletion policies. Vendor: [VENDOR NAME]. Tool: [TOOL DESCRIPTION]. Our industry: [INDUSTRY]. Format as a review brief with a summary recommendation at the end.

AI Acceptable Use Policy Starter

Draft a starting-point AI acceptable use policy for our organization. The policy should cover: (1) approved AI tools and categories, (2) data classification — what can and cannot be entered into AI tools, (3) disclosure requirements when AI is used in work products, (4) prohibited uses, (5) employee responsibilities. Write it in plain language suitable for a non-technical audience. Organization type: [TYPE]. Industry: [INDUSTRY]. Size: [SIZE]. Any specific tools already in use: [TOOLS].

Data Classification Policy

Draft a data classification policy for [company name], a [company size] company in [industry]. The policy should define classification tiers, provide examples, and set handling requirements for each level. Classification tiers to define: 1. Public: data that can be freely shared externally 2. Internal: data for employee use only, not for external sharing 3. Confidential: sensitive business data requiring access controls 4. Restricted: highest sensitivity — PII, regulated data, financial data, trade secrets For each tier, specify: - Definition and examples (specific to our industry) - Who may access it - Storage and transmission requirements - What may and may not be entered into AI tools - Retention and disposal requirements - Breach notification obligations Include: - A simple decision tree employees can use to classify data - A quick-reference table (tier / examples / AI tool use / external sharing) - A FAQ section (5–6 questions) for common classification dilemmas Write in plain language. Employees without a security background should be able to use this policy.

Security Incident Response Plan

Draft a security incident response plan for [company name], a [company size] company in [industry]. Primary risks to address: [e.g., ransomware, phishing/credential compromise, data breach, insider threat, DDoS] Regulatory requirements: [e.g., HIPAA, SOC 2, GDPR, PCI DSS — or "none specified"] Incident response team members: [list roles — e.g., CISO, IT Manager, Legal, HR, Communications, Executive Sponsor] Plan sections: 1. Purpose and scope 2. Incident severity levels (define Critical, High, Medium, Low with examples) 3. Detection and reporting: how incidents are identified and who to notify immediately 4. Incident response phases: - Identification (confirm and classify the incident) - Containment (stop the spread — short-term and long-term) - Eradication (remove the threat) - Recovery (restore systems and validate) - Post-incident review (lessons learned) 5. Communication plan: internal, customer, regulatory, and public communications — who approves and sends each 6. Contact list template (IR team, legal, insurance, FBI/law enforcement, key vendors) 7. Post-incident report template Format as a document the incident response team can reference during an active incident.

IT Change Communication Email

Write a clear, non-technical email to all staff announcing a system change or new tool rollout. The email should explain: (1) what is changing and when, (2) who is affected, (3) what action (if any) staff need to take, (4) where to get help or ask questions. Avoid technical jargon. Keep it under 200 words. Change: [DESCRIBE THE CHANGE]. Go-live date: [DATE]. Primary contact for questions: [NAME/EMAIL].

Help Desk Response Template Library

Create a library of 6 help desk response templates for [company name]'s IT support team to use in their ticketing system. Scenarios to cover: 1. Ticket acknowledgment (let the user know we received their request and set expectations) 2. Password reset instructions (clear, step-by-step) 3. Request for more information (we need details before we can help) 4. Escalation notification (we're escalating this to a specialist or vendor) 5. Resolved and closed (explaining what was done and how to avoid the issue in the future) 6. Scheduled maintenance notification (proactive outreach before planned downtime) For each template: - Subject line (for email-based tickets) - Body text (professional, empathetic, and jargon-free) - [Placeholder fields] for ticket-specific details - Tone note: what makes this template effective Target audience for the emails: non-technical employees. Maximum reading time per email: 30 seconds.

IT Self-Service FAQ

Create an IT self-service FAQ for employees at [company name] covering the most common help desk requests. Common request categories to cover: - Password and account access: [include password reset, MFA setup, account lockout] - VPN and remote access: [include how to connect, troubleshoot, and who to call if down] - Email and calendar: [include common issues with [email platform, e.g., Outlook/Gmail]] - Hardware and equipment: [include requesting equipment, reporting damage, returning gear] - Software and app access: [include requesting software, approved tools list, AI tool access] - Security and phishing: [include how to report a phishing email, what to do if you clicked] For each FAQ item: - Question (written in the employee's language, not IT's language) - Step-by-step answer (numbered, 3–6 steps) - Link or reference to more detail (placeholder: "[link to full article]") Format as a self-service knowledge base article employees can read in under 5 minutes.

Technology Implementation Plan

Create a technology implementation plan for [system/tool/platform name] at [company name]. Project context: - What is being implemented: [describe the system and its purpose] - Business driver: [why now — e.g., current system end-of-life, new compliance requirement, capacity needs] - Scope: [departments, users, or processes affected] - Target go-live date: [date] - Project team: [list key roles — project manager, IT lead, vendor PM, business owner] Plan sections: 1. Project overview and objectives 2. Implementation phases (suggest phases appropriate to the system type): - Phase 1: Discovery and requirements (what, who, timeline) - Phase 2: Configuration and development (key activities) - Phase 3: Testing (types of testing, success criteria, user acceptance) - Phase 4: Training and change management - Phase 5: Go-live and hypercare - Phase 6: Stabilization and handoff 3. Key milestones and target dates 4. Risks and mitigation strategies (3–5 risks) 5. Resource requirements (internal hours, vendor support, budget estimate) 6. Success metrics: how will we know the implementation succeeded? 7. Go/No-go criteria for production launch Format as a project plan the IT leader can present to executive sponsors.

IT Project Status Report

Write an IT project status report for [project name] at [company name] for the period ending [date]. Project overview: [1–2 sentences on what this project is and what it will deliver] Overall status: [Green / Yellow / Red — with one-line reason] This period summary: - Completed tasks: [list] - In-progress tasks: [list with % complete] - Upcoming tasks (next 2 weeks): [list with target dates] Technical updates: - Environment or infrastructure changes: [describe or note "none"] - Integration or dependency updates: [describe or note "none"] - Security or compliance milestones: [describe or note "none"] Issues and risks: - Open issues: [list with owner, severity, and resolution plan] - New risks: [list with likelihood and mitigation] Budget: [on track / over / under — with notes] Schedule: [on track / ahead / behind — with notes] Decisions needed: [list any blockers requiring leadership input] Format as a concise 1-page report for IT leadership and business stakeholders. Non-technical language where possible.

Technology Vendor RFP

Draft a technology vendor RFP (Request for Proposal) for [company name] evaluating [technology category, e.g., "cloud-based ITSM platform," "endpoint detection and response (EDR) solution"]. Business requirements: - Problem being solved: [describe] - Number of users: [number] - Integrations required with existing systems: [list systems, e.g., Active Directory, Slack, Jira] - Compliance requirements: [e.g., SOC 2 Type II, HIPAA, FedRAMP] - Budget range: [annual spend target] - Timeline: [desired go-live date] RFP sections to generate: 1. Company background and project overview 2. Functional requirements (must-have vs. nice-to-have) — generate a comprehensive list based on the category 3. Technical requirements (hosting, security, APIs, integrations, uptime SLA) 4. Security and compliance requirements 5. Vendor qualification requirements (references, certifications, financial stability) 6. Implementation and support requirements (onboarding, training, support tiers) 7. Pricing requirements (structure, format, what to include) 8. Evaluation criteria and weighting 9. Proposal timeline and submission instructions Format as a formal document for external distribution.

Vendor Security Questionnaire

Create a vendor security questionnaire for [company name] to send to potential technology vendors before procurement. Our regulatory environment: [e.g., healthcare / finance / government / general commercial] Key data the vendor will handle: [e.g., employee PII, customer financial data, health records, internal business data] Vendor type: [SaaS / on-premise software / managed service provider / cloud infrastructure] Questionnaire sections: 1. Company and compliance overview (5–7 questions: certifications, audits, last audit date) 2. Data handling and storage (8–10 questions: where data is stored, encryption, retention, deletion) 3. Access controls and identity management (6–8 questions: MFA, least privilege, privileged access) 4. Incident response and breach notification (5–7 questions: IR plan, notification timeline, tabletop exercises) 5. Vendor and supply chain risk (4–5 questions: subprocessors, fourth-party risk, vendor vetting) 6. Business continuity and disaster recovery (4–5 questions: RTO, RPO, testing frequency) 7. AI-specific questions (if applicable): what AI models does the vendor use, is customer data used to train models, opt-out options Format as a structured questionnaire with space for vendor responses. Include a scoring rubric for evaluating responses.

New Employee IT Onboarding Guide

Write a new employee IT onboarding guide for [company name]. Systems and tools the new hire will need to set up: - Email and calendar: [platform, e.g., Google Workspace / Microsoft 365] - Communication: [e.g., Slack, Teams] - VPN / remote access: [tool name] - Identity / single sign-on: [e.g., Okta, Azure AD] - Core business tools: [list 3–5 — e.g., Salesforce, Jira, Zoom] - Hardware: [e.g., MacBook, Windows laptop — any standard setup steps] Guide structure: 1. Before Day 1: what IT will set up in advance (the new hire doesn't need to do this) 2. Day 1 checklist: step-by-step setup in the order it should happen (numbered, with clear instructions for each step) 3. First week tasks: complete setup of secondary tools, attend IT orientation, verify access 4. Security requirements: what the employee must complete (MFA enrollment, security training, endpoint compliance) 5. How to get IT help: ticketing system, self-service resources, escalation path 6. Approved tools policy: where to find the approved software list and how to request new tools Keep instructions non-technical. Write for someone who is not an IT professional.

Security Awareness Training Content

Create security awareness training content for [company name], a [company size] company in [industry]. Audience: all employees (non-technical) Delivery format: [short-form written content / video script / live training outline] Training objective: employees can identify and respond correctly to phishing, social engineering, and common data handling mistakes. Generate content for the following modules: Module 1 — Phishing and Email Threats: - What phishing looks like today (3–4 realistic examples relevant to our industry) - Red flags to look for (8–10 specific, concrete signals) - What to do if you receive a suspicious email (step-by-step) - What NOT to do (common mistakes) Module 2 — Passwords and Account Security: - Why weak passwords matter (brief, non-preachy) - How to create a strong password / use a password manager - Multi-factor authentication: what it is and how to set it up Module 3 — Data Handling: - What data classification means in plain language - What data can and cannot be shared externally or entered into AI tools - How to handle a suspected data breach (who to call, what not to do) Format each module as a 5–7 minute reading or watching experience. Include a 5-question quiz at the end of each module.