Frequently Asked Questions

Everything you need to know about our security assessments, consulting services, and platform.

About the Scorecard

What is the Security Scorecard?

Our free Security Scorecard is a 15-question assessment based on the NIST Cybersecurity Framework (CSF) 2.0. It evaluates your organization across three key areas: Protect, Detect & Respond, and Govern. You'll get an instant score with actionable findings in about 90 seconds.

How is my score calculated?

Each question is weighted based on its security impact. Your answers (Verified, Yes, Partial, No) are scored against these weights. The overall score is a percentage (0-100) across three NIST CSF 2.0 categories: Protect (40%), Detect & Respond (35%), and Govern (25%).

Is my assessment data stored?

Assessment results are not permanently stored unless you choose to create an account. If you provide your email for the results report, we only use it to send you the report and relevant security updates. We never sell your data.

Can I retake the scorecard?

Yes! You can retake the scorecard as many times as you'd like. We recommend retaking it quarterly to track your security improvements over time.

What frameworks does the scorecard use?

The scorecard is based on the NIST Cybersecurity Framework (CSF) 2.0, the gold standard for cybersecurity assessment used by organizations worldwide. Our questions also align with CIS Controls and common cyber insurance requirements.

About Our Services

What's included in each consulting package?

We offer three packages: Essential ($3,000) for small businesses with 1-2 critical gaps (~6 hours of expert time), Standard ($6,000) for mid-size organizations needing a full Azure/M365 assessment (~12 hours), and Comprehensive ($12,000) for complex environments requiring multi-phase assessment and hands-on remediation (~20 hours).

How long does an assessment take?

Our Essential package typically takes 1-2 weeks, Standard takes 2-4 weeks, and Comprehensive takes 4-8 weeks depending on the complexity of your environment. We'll provide a detailed timeline during our initial consultation.

What industries do you serve?

We serve organizations across all industries with a focus on small and mid-size businesses (10-1000 employees). We have particular expertise in healthcare, financial services, legal, manufacturing, and technology sectors.

What certifications do your consultants hold?

Our team holds CISSP, CISM, CEH, and other industry-recognized certifications. We maintain active expertise in NIST CSF, CIS Controls, SOC 2, ISO 27001, and common compliance frameworks.

How do I get started?

The fastest way to get started is to take our free Security Scorecard. Based on your results, you can request a consultation directly from your results page. Alternatively, visit our Request Help page to tell us about your needs, and we'll match you with the right expert.

Security & Privacy

Is this tool safe to use?

Absolutely. Our scorecard runs entirely in your browser — no data is sent to our servers until you explicitly submit it. We use HTTPS encryption for all data transmission and follow security best practices for our own infrastructure.

Do you sell my data?

Never. We do not sell, share, or monetize your personal or assessment data. If you provide your email, it's used solely for sending you results and security-related updates. You can opt out at any time.

How is my data protected?

We use Supabase with Row Level Security (RLS) for our database, HTTPS for all transmissions, and follow the principle of least privilege for data access. Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 compliance.

Account & Platform

How do I create an account?

Creating an account is free and takes 30 seconds. Just enter your name and email, and we'll send you a magic link — no password needed. An account lets you save your assessment history and access additional tools.

What do I get with a free account?

A free account gives you access to all our security assessments (Security Scorecard, Insurance Risk Check), incident response playbooks, and the ability to save your assessment history. Our consulting services are available separately.

Still have questions?

We're here to help. Reach out and we'll get back to you within one business day.