Baseline Security Assessment

Baseline Security Assessment

SMB Non-Technical

Before recommending what to fix, we need to understand what you have.

This assessment documents your current security posture: the systems you rely on, what protections are already in place, and where the gaps are. You get an honest starting point with findings in plain language, not generic IT terminology.


Contact Us Read More Our Services

Baseline Security Assessment

Understanding your current security posture is the foundation for any meaningful improvement. This assessment provides a clear picture of where you stand today, identifying both existing protections and security gaps across your critical business systems.

Our Approach

Discovery and Inventory

We start with a discovery exercise to inventory your key systems (email, file storage, backups, financial systems) and understand how your business actually uses them. This isn’t about cataloguing every device; it’s about understanding what matters to your operations and where your critical data lives.

Framework-Based Assessment

We select a security framework appropriate for your company size and maturity (such as Cyber Essentials or similar SMB-focused frameworks) and assess which controls you have in place today.

Rather than overwhelming you with hundreds of controls, we focus on the subset most relevant to your business: measures that address the specific risks you care about (like ransomware resilience and payment fraud prevention), plus fundamental protections every business needs.

This framework-based approach provides two key benefits:

  • Measurable progress as you implement improvements
  • Standardised documentation that makes it easier to answer insurance questionnaires or work with IT providers in the future

What You Receive

  • System Inventory: Documentation of your critical business systems, where data is stored, and who has access
  • Baseline Assessment: Clear picture of which security controls you have in place today and which are missing
  • Gap Analysis: Identification of missing protections, with each gap linked to the business risks it affects

What This Assessment Provides

The assessment gives you an honest starting point. It tells you where you are, not where you should be (that comes in the strategy phase). All findings are documented in plain language, referencing your specific systems rather than generic IT terminology.

This assessment is designed as a standalone deliverable, but works particularly well as the foundation for Security Strategy Development, where we translate findings into a prioritised improvement roadmap.

Is This For You?

This service is designed for:

  • Small to medium businesses without dedicated security staff
  • Companies relying on general IT support that lacks security expertise
  • Organisations wanting to understand their current security posture before investing in improvements
  • Businesses needing documentation for insurance applications or vendor questionnaires