Maturity assessment
A current-state score against a chosen framework, documented gaps, and a prioritised remediation plan, typically in two to four weeks.
What we deliver
- Framework selection and tailoring
We pick CIS Controls v8, NIST CSF 2.0, ISO 27001:2022, or the Secured by FM CyberSecurity baseline with you, and scale the scope to your organisation.
- Current-state scoring
Every control in the chosen framework is rated against today's operation, with a maturity score per area and a trace back to interview, document, or observation.
- Gap analysis with owner and impact
Each finding gets a named customer-side owner, an impact rating, and a short rationale for why it matters to the business.
- Prioritised remediation roadmap
The actions sit in three horizons (ninety days, six months, and twelve months), so both operations and the board can see what moves when.
- Executive summary for the board
A single document written for leadership and the board, with the maturity picture, the largest risks, and the investment choices they have to make.
How we deliver this service
- In a project
A standalone engagement with a fixed scope, typically two to four weeks through to the report and presentation.
- As part of a service
Included as the baseline assessment in the Secured by FM CyberSecurity bundle and used to scope the rest of the delivery.
Recent insights on Maturity assessment
- What CISSP certification means when picking a cybersecurity consultant
CISSP signals broad security judgment and a five-year experience bar, but it does not promise hands-on depth in any single tool you buy.
- How we publish to our website with no admin login
FM CyberSecurity publishes through a Cloudflare Workers MCP server, gated by Microsoft Entra. No admin login, no user table, no CMS, no /forgot-password page.
- Charlotte AI: what does agentic SOC mean for you?
A look at how CrowdStrike's agentic SOC changes the economics of 24/7 monitoring for SMBs.