Built for CCOs, IT managers, and small RIAs that need real cybersecurity compliance capability — not a full advisory engagement. One Premium membership gives your firm a working Reg S-P vendor due-diligence program with 600+ vendors already researched; automated, compliant employee training; the policy, framework, and template library we use in our own consulting engagements; and interactive tools like the Reg S-P Incident Response Plan Builder.
BrainTrust Premium is more than a document library. It packages the work an SEC-registered firm is most often asked to show: that it vets its vendors, that it trains its people, that its policies are written down and mapped to the rules — and now, tools that build those documents for you.
A living evidence database of 600+ vendors RIAs actually use — CRMs, custodians, planning, portfolio, AI platforms — each scored against a 90-field due-diligence questionnaire. Every answer independently verified from a public source with a citation and capture date, or flagged for direct vendor attestation. Select your stack, print your Rule 204-2 vendor file.
Phishing simulations, quiz tracking, and audit-ready completion reports for up to 50 employees — the training evidence Reg S-P's Safeguards Rule expects.
Comparable standalone training: $800–$1,750/yr.
Answer five minutes of questions; get your firm's complete Reg S-P incident response plan as an editable Word document — every section mapped to §248.30, with a printable quick-reference card.
The same editable policies, frameworks, and exam-prep tools MTradecraft delivers in consulting engagements — each mapped to the rule it supports.
The AI Compliance Framework, governance workbook, output validation protocol, and AI marketing claims checklist — plus an AI supplemental track inside the vendor portal.
Members email MTradecraft directly with cybersecurity compliance questions — answers from the practice, not a help desk.
All of it — $2,500 a year, flat.
The vendor due-diligence work amended Reg S-P now expects — already done and continuously maintained. A living database of the vendors RIAs rely on, each scored against our 90-field due-diligence questionnaire, now including an AI supplemental section covering model training, data retention, and AI subprocessors. Every answer is independently verified from a public source (with a link and capture date) or flagged as requiring direct vendor attestation. High-sensitivity vendors are fully covered today; coverage expands continuously.
The BrainTrust is not a marketing handout. The Premium library is the set of policies, frameworks, and templates MTradecraft drafts, maintains, and delivers to its consulting clients — organized the way you'll use them, each mapped to the rule it supports.
Cybersecurity Policies & Procedures Manual (Reg S-P), NPI Data Inventory, Access Control & MFA, Annual Risk Assessment, Data Disposal.
Incident Response Plan, Tabletop Exercise Kit, Wire-Transfer & Disbursement Verification — plus the interactive IRP Builder.
AI Compliance Framework & Governance Workbook, AI Output Validation Protocol, AI Marketing Claims Review Checklist.
Vendor Due-Diligence Questionnaire and Confidentiality Agreement — alongside the 600-vendor evidence portal.
206(4)-7 Annual Review, Compliance Calendar, Compliance Meeting Agenda, Mock SEC Cyber Audit.
Code of Ethics, Conflicts of Interest, Gifts & Entertainment, Political Contributions, Outside Business Activity.
Client Communication Letter Suite, Form ADV Amendment Checklist, Reg S-ID Red Flags, USA PATRIOT Act / AML.
Marketing Procedures Policy, Firm & Employee Social Media Policies, Promoter & Solicitor Oversight.
Best Execution Evaluation, Trade Error Policy & Log, Proxy Voting, Custody Rule Compliance Checklist.
Employee Technology Use Agreement, Whistleblower Policy, and acknowledgement forms.
Business Continuity Plan, Books & Records Policy, Written Supervisory Procedures.
SEC Exam Document Production Checklist, First-Time Examination Guide, Cybersecurity Request Bundle.
60+ editable documents across a dozen categories, each mapped to the rule it supports.
The Securing Compliance report, the SEC Exam Cybersecurity Preparedness Brief, the Reg S-P Impact Summary, and our ongoing BrainTrust posts — no payment required.
Phishing simulations, quiz tracking, and audit-ready completion reports — the training evidence retained for your examination file.
The Free tier is built to put real material into the hands of CCOs and IT managers who are still organizing their cybersecurity program. The Premium tier adds everything above — the Reg S-P vendor due-diligence portal, automated employee training, the full policy and framework library, and the interactive builders.
A practical starting point for firms that need better direction before engaging a consultant or building a more formal cybersecurity compliance program.
Designed for firms that want the documentation backbone of a cybersecurity compliance program, but do not yet need MTradecraft to operate the program on their behalf.
Yes. The subscription is managed through Memberful. You can cancel future charges at any time from your account portal — no phone calls, no penalty. You retain access through the end of the paid period.
No. BrainTrust templates are provided as editable Word documents that the member adapts to their firm's specifics. If you need documents drafted to your firm, that is a Cyber Compliance Consultant engagement.
No. A BrainTrust membership is a resource subscription, not a consulting relationship. For DDQ and examination purposes requiring a named cybersecurity expert or CISO, the Remote CISO engagement is what's required.
The Premium membership includes FieldCraft for up to 50 users. If your firm exceeds 50 users, additional seats can be added on a separate FieldCraft subscription at $4.00 per user per month (billed annually).
Templates do not pass examinations — implemented programs do. A BrainTrust template gives you a defensible starting point written by a knowledgeable party. Whether your firm passes an exam depends on how the policies are adopted, implemented, reviewed, and documented over time.
Start with a Free account if you want to read the Securing Compliance report and access our posts. Upgrade to Premium when you decide the full library is worth it.