diff --git a/security-threat-analysis/source/index.rst b/security-threat-analysis/source/index.rst index 6d48cba8..493243c9 100644 --- a/security-threat-analysis/source/index.rst +++ b/security-threat-analysis/source/index.rst @@ -16,6 +16,8 @@ Contents objectives.rst threat-analysis-process.rst templates/architecture-page.rst + templates/review-findings.rst + templates/review-notes.rst architecture-diagram-guidance.rst todo.rst diff --git a/security-threat-analysis/source/templates/architecture-page.rst b/security-threat-analysis/source/templates/architecture-page.rst index 1ea58a75..e745b107 100644 --- a/security-threat-analysis/source/templates/architecture-page.rst +++ b/security-threat-analysis/source/templates/architecture-page.rst @@ -47,12 +47,8 @@ Differences from previous architecture If this is a revision of a prior architecture, briefly list the new components and interfaces. If this is a new architecture that replaces a prior service, briefly describe how this service differs from its ancestor. If this is an -entirely new service with no precedent, then state only "This is a new service -with no related prior solution". - -For example: - -- New OpenStack service added in Liberty. +entirely new service with no precedent or one that has not been reviewed +previously, then remove this section. External dependencies & associated security assumptions 
@@ -73,20 +69,23 @@ For example: Components ~~~~~~~~~~ -In the component descriptions that follow, IC means that in a typical -deployment,they reside in hosted instances on the cloud, and UC means they are -likely to be in the under cloud infrastructure. +In the component descriptions that follow, I-C means that in a typical +deployment, they reside in hosted instances on the cloud, and U-C means they +are likely to be in the under cloud infrastructure. O-C means they are outside +of the cloud. -- component-1 (optional product/technology name)[IC or UC]: Describe component -- component-2 [IC]: Describe component -- component-3 [UC]: Describe component +- component-1 (optional product/technology name)[I-C or U-C]: Describe + component +- component-2 [I-C]: Describe component +- component-3 [U-C]: Describe component +- component-3 [O-C]: Describe component or service For Example: -- Worker Queue (rabbitmq) [UC]: This queue is used to process new order +- Worker Queue (rabbitmq) [U-C]: This queue is used to process new order requests. Other systems involved submit and receive data via this queue. -- Database (MySQL) [IC or UC]: Open-source sql database to store Barbican state - data related to its managed entities and their metadata. +- Database (MySQL) [I-C or U-C]: Open-source sql database to store Barbican + state data related to its managed entities and their metadata. Interfaces diff --git a/security-threat-analysis/source/templates/review-findings.rst b/security-threat-analysis/source/templates/review-findings.rst new file mode 100644 index 00000000..b8c6b3be --- /dev/null +++ b/security-threat-analysis/source/templates/review-findings.rst 
@@ -0,0 +1,75 @@ +================================= +Security review findings template +================================= + + security review findings - version/release +========================================================= + +**Status**: Draft/Completed + +**Release**: Juno/Kilo/Liberty/Newton + +**Version**: 0.01 if applicable + +**Review Date**: mm/dd/yyyy + +**Review Body**: + +**Contacts**: + +- PTL: name - irc handle + +- Architect: name - irc handle + +- Security Reviewer: name - irc handle + +- OpenStack Security Project Reviewer: (only applicable for third party + security reviews) + + +1. Finding title +~~~~~~~~~~~~~~~~ + +- Risk: +- Impact: +- Likelihood: +- Impact: +- Overall Risk Rating: +- Bug: +- Recommendation: +- Investigation Results: + + +2. Finding title +~~~~~~~~~~~~~~~~ + +- Risk: +- Impact: +- Likelihood: +- Impact: +- Overall Risk Rating: +- Bug: +- Recommendation: +- Investigation Results: + + +3. Finding title +~~~~~~~~~~~~~~~~ + +- Risk: +- Impact: +- Likelihood: +- Impact: +- Overall Risk Rating: +- Bug: +- Recommendation: +- Investigation Results: diff --git a/security-threat-analysis/source/templates/review-notes.rst b/security-threat-analysis/source/templates/review-notes.rst new file mode 100644 index 00000000..8c7943d1 --- /dev/null +++ b/security-threat-analysis/source/templates/review-notes.rst 
@@ -0,0 +1,61 @@ +============================== +Security review notes template +============================== + + security review notes - +======================================================== + +**Status**: Draft/Completed + +**Release**: Juno/Kilo/Liberty/Newton + +**Version**: 0.01 if applicable + +**Review Date**: mm/dd/yyyy + +**Review Body**: + +**Contacts**: + +- PTL: name - irc handle + +- Architect: name - irc handle + +- Security Reviewer: name - irc handle + +**Reviewers**: + +- : +- : +- OpenStack Security Project: (only applicable for + third party reviews) + + +Review +~~~~~~ + + +Abuse cases +----------- + +- +- + + +Architectural diagram walkthrough +--------------------------------- + +- notes + + +Sequence/DFD diagram walkthrough +-------------------------------- + +- notes + + +Actions +------- + +1. action 1 +2. action 2
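Review bot: In the "Differences from previous architecture" hunk of architecture-page.rst, replacing the fixed sentence with "then remove this section" loses information the old wording preserved: a reader of a finished architecture page can no longer tell "no predecessor" apart from "the author skipped this section", and the added clause "or one that has not been reviewed previously" overlaps with the first sentence, since a revision of a prior architecture may also never have been reviewed. Suggest keeping a one-line statement for the no-precedent case (the dropped "This is a new service with no related prior solution" served that purpose) and saying explicitly that unreviewed revisions should still list what changed, because the delta is what scopes the threat analysis.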
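Review bot: The Components hunk of architecture-page.rst labels two entries "component-3" (the existing "[U-C]" line and the new "[O-C]" line); the new one should be "component-4". The "For Example:" list below also gains no O-C entry even though that is the class most worth showing, since anything outside the cloud sits across a trust boundary; consider adding one illustrative O-C example alongside the queue and database. Minor: "Open-source sql database" should read "SQL", and "under cloud" is usually written "undercloud" in OpenStack documentation.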
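Review bot: In review-findings.rst every finding block lists "Impact:" twice (once after "Risk:" and again after "Likelihood:"); either the second is meant to be a different field or it should be dropped so the block reads Risk, Impact, Likelihood, Overall Risk Rating. "Bug:" carries no hint of what belongs there (a tracker link, or "none filed"), so add a placeholder as the Contacts entries do with "name - irc handle". The heading " security review findings - version/release" starts with a space, which looks like a stripped project-name placeholder; check the source and make the placeholder explicit so the title renders as intended.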
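Review bot: review-notes.rst repeats the whole Status/Release/Version/Review Date/Review Body/Contacts header from review-findings.rst verbatim, and the two copies already diverge: the findings template lists the "OpenStack Security Project Reviewer" under Contacts, while the notes template puts it under a separate "Reviewers" list whose first two bullets are empty ("- :"). Suggest moving the shared header into one file pulled in with ".. include::" (or stating which copy is authoritative), giving the Reviewers bullets the same "name - irc handle" placeholder as Contacts, and seeding "Abuse cases" with a prompt for what an entry should contain, since that list is the substance of the review and two bare "-" bullets give the note-taker nothing to follow.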