Core service
A structured, framework-based review of your security posture. You get a ranked finding list, a plain-English action plan, and a Cyber Health Scorecard you can put in front of an auditor or insurer.
The problem
Cloud tools, shared logins, old user accounts, missing policies. These are the gaps that show up in breaches and failed audits. The problem isn't that you ignored security. It's that no one ever gave you a clear picture of where the real risks are. That's what this assessment does.
What to expect
The process is low-lift for you. We do the technical work. You provide access and context. Here's what the engagement looks like from start to finish.
We start with a short call to understand your practice: what tools you use, how your team works, and what's keeping you up at night. This shapes the assessment so we focus on what matters most for your situation.
We review your current setup: cloud accounts, access controls, configurations, written policies if you have them, and any previous audit results. You don't need to be technical to participate. We'll tell you exactly what we need and why.
We run your practice against a proven security framework, the NIST Cybersecurity Framework (NIST CSF), which is the standard used by compliance auditors and cyber insurers. This gives your results real-world credibility, not just a checklist opinion.
You receive a written report with findings ranked by severity and a prioritized action plan in plain English. No 80-page technical document. Just the gaps that matter, explained clearly, with the right fixes in the right order.
We walk through the findings together so you understand what each one means and why it's prioritized the way it is. You leave the call knowing exactly what to do next, whether you handle it yourself or bring us back to help.
Not a list of theoretical threats. A ranked view of the actual gaps in your practice, specific to your tools, your team, and your compliance environment.
Fixes in order of priority, explained in plain language. You know what to do first, what can wait, and what matters most for your audit or insurance situation.
Your Cyber Health Scorecard is a formal record of your security posture. Auditors, insurers, and clients can all reference it as evidence of due diligence.
Most assessments are completed within 5 to 10 business days from the discovery call, depending on the size of your practice and the number of tools in scope. You'll have a clear timeline before we begin.
No. You'll need to provide access to certain accounts and answer questions about how your practice operates. We handle all of the technical review. Everything we produce is written for a non-technical reader.
We align assessments to the NIST Cybersecurity Framework (CSF), which is the standard referenced by most compliance auditors and cyber insurers. For healthcare practices, we also map findings to HIPAA requirements. We'll confirm the right framework for your situation on the discovery call.
Minimally. We may ask a few questions about how your team handles data and what tools they use day to day. Most of the work happens on our end. We aim to keep the lift on your practice as low as possible.
You receive your findings report and Cyber Health Scorecard. From there, you can implement the recommended fixes on your own, or bring Sauvegarde back to help through our Compliance QuickStart Package or an ongoing engagement. There's no pressure to continue, but the path forward is clearly laid out if you want it.
Book a 20-minute discovery call. We'll talk through your situation and confirm whether the assessment is the right fit before you commit to anything.
Not sure where to start? The free Cyber Health Score quiz takes 5 minutes and gives you a useful baseline before the call.