Step 01 · Required first

Security & Compliance Baseline Assessment

A structured 2–3 week assessment of your full security posture. We map every gap, rank every risk, and give you a prioritized roadmap. The foundation for everything that follows.

€2,500 · Credited toward Sprint

Our guarantee

If we do not find at least 10 actionable security gaps, the Assessment is free. We have never had to honour this — but it tells you something about our confidence.

What it is

Map every gap before you fix anything.

Most security problems in growing SaaS companies aren't caused by a single failure — they're caused by a pile of small gaps that nobody has ever mapped, prioritized, or documented. The Assessment changes that.

In 2–3 weeks, we conduct a structured review across six security domains. We interview the right people, examine your actual environment, and produce a findings report you can act on — not a generic questionnaire output.

The Assessment is required before any Sprint or managed engagement. It's how we make sure everything we implement is calibrated to your actual gaps — not assumptions.

At a glance

Duration: 2–3 weeks
Price: €2,500 fixed
Credit: Fully credited toward Sprint
Domains: 6 security domains
Frameworks: ISO 27001 · SOC 2 · PCI DSS

What we assess

Six domains. No blind spots.

Every assessment covers the same six domains — not because it's a checklist, but because these are the exact areas auditors, enterprise customers, and regulations will scrutinize.

01 / Identity
Identity & Access Management
SSO coverage, MFA enforcement gaps, directory structure, conditional access policies, privileged access controls, and joiner-mover-leaver workflow maturity.
02 / Endpoint
Endpoint & Device Security
MDM enrollment coverage, disk encryption status, patch currency, EDR deployment, shadow IT and unmanaged device exposure, BYOD risk.
03 / Backup
Backup & Recovery
Cloud backup coverage for email, files, and SaaS data. Retention policy review, recovery testing evidence, RTO/RPO clarity, and single-point-of-failure risks.
04 / Logging
Logging & Monitoring
Log centralization status, audit log retention periods, existing alert coverage, detection gaps for identity and endpoint events, and incident response baseline.
05 / Offboarding
Offboarding Process
Access revocation timeliness, system coverage, audit trail existence, SaaS account orphaning, device return process, and evidence of past offboardings.
06 / Policies
Policy & Documentation
Existence and completeness of core security policies, version control, approval records, staff awareness, and compliance with ISO 27001 or SOC 2 documentation requirements.

What you receive

A structured report. Not a spreadsheet dump.

The Assessment deliverable is designed to be immediately useful — for your leadership team and as input for the Sprint scope.

Deliverable 01

Full Findings Report

Structured findings across all six domains. Each gap is documented with evidence of the problem, the risk it creates, and what needs to be done to remediate it.

Deliverable 02

Prioritized Remediation Roadmap

Every gap ranked by risk severity and compliance impact. Grouped into immediate, 30-day, and 90-day remediation horizons. This becomes the Sprint scope.

Deliverable 03

Compliance Exposure Summary

Mapped against ISO 27001 Annex A, SOC 2 Trust Service Criteria, and PCI DSS where applicable. Tells you exactly which controls are missing for your target framework.

Deliverable 04

Executive Summary

A concise leadership-facing summary of posture, top risks, and recommended next steps. Designed to be shared with your board, investors, or lead enterprise customer.

Who it's for

You need this if any of these sound familiar.

01

Enterprise customers are asking for security documentation

You're losing deals or stalling sales cycles because you can't answer security questionnaires with confidence.

02

ISO 27001 or SOC 2 is on your roadmap

You know you need certification. You don't know exactly how far you are from it, or where to start.

03

Security lives in your CTO's head

Decisions are made reactively. Nothing is documented. You've never had a structured view of your full security posture.

Ready to start?

Book a Fit Call. We'll take it from there.

The Fit Call is a 30-minute discovery conversation. We review your environment, confirm fit, and scope the Assessment. No obligation, no pitch deck.
