# Product Security Team Staffing, Capacity, and RASI Workbook

> **Why this page exists:** Product Security directors eventually need a simple workbook that supports headcount planning, role coverage, and who-does-what mapping across AppSec, DevSecOps, architecture, platform, QA, and leadership.

## Workbook asset

* [product-security-team-staffing-and-rasi-v6.4.xlsx](https://github.com/D3One/Product-Security-Gitbook/blob/main/assets/workbooks/product-security-team-staffing-and-rasi-v6.4.xlsx)

## What is inside

| Sheet            | Use it for                                                                                           |
| ---------------- | ---------------------------------------------------------------------------------------------------- |
| Role Catalog     | Explain what each role exists to do and how it maps to domains.                                      |
| Staffing Model   | Compare current FTE, target FTE, gaps, and hiring priority.                                          |
| Coverage Planner | Make domain ownership and backup ownership explicit.                                                 |
| RASI Matrix      | Map recurring Product Security activities to responsible, approving, supporting, and informed roles. |
| Hiring Roadmap   | Turn the FTE gap into a staged hiring plan.                                                          |
| References       | Keep source URLs and design assumptions in one place.                                                |

## How to use it

1. Replace placeholder staffing numbers with your real current-state and target-state data.
2. Rename or split roles to match your operating model.
3. Decide whether **RASI** or **RACI** is the official responsibility language and keep it consistent.
4. Review the workbook alongside the policy templates for roles, SoD, metrics, and champions governance.

## Good practice

Do not use a staffing workbook only as an HR list. It becomes useful when it answers three leadership questions:

* who owns each Product Security domain;
* where coverage is thin or single-threaded; and
* which activities still depend on heroic individuals rather than a stable operating model.


