Due-Diligence Report Builder
The diligence packet your CISO usually waits two weeks for. Five minutes. Yours to keep.
Four steps, about five minutes. Each step below tells you what it covers and why we ask. At the end you walk away with a CybrIQ technical questionnaire populated against your environment — the same artifact a security review demands, ready to forward.
1. About you 2. ROI 3. Competitive 4. Briefing deck
Step 1 — About your organization
We use these inputs to populate every slide that says "our environment." Industry sets the breach statistics and regulatory framework references. Audits and tooling drive the compliance-coverage map and the alternatives table. The website lets us pull your logo onto the cover. The free-form project description is reproduced verbatim in the executive summary so the deck reads in your voice. Optional fields can be left blank.
What this drives. Sets the breach statistics and regulatory framework references used throughout the deck. Healthcare pulls HIPAA OCR figures and IBM Cost of a Data Breach 2024 healthcare numbers. Financial Services pulls PCI DSS 4.0, GLBA, NYDFS. Government & Federal pulls NDAA Section 889, FedRAMP, FISMA, CMMC L2. Higher Education pulls HIPAA, PCI, GLBA, CMMC for research labs.
What to pick. The sector your organization regulates under, not the sector you sell into. AV Integrators is for the channel partners themselves.
What to pick. The sector your organization regulates under, not the sector you sell into. AV Integrators is for the channel partners themselves.
What this drives. Calibrates the ROI math against typical staffing ratios for GRC, audit, and IT-security teams. Also informs the “risk-class” framing in the deck's exec summary (a 250-person org with 50,000 records does not get the same risk write-up as a 25,000-person org).
What to enter. Best estimate, total headcount, full-time equivalents. Contractors and seasonal staff count if they have network access. Skip if unknown.
What to enter. Best estimate, total headcount, full-time equivalents. Contractors and seasonal staff count if they have network access. Skip if unknown.
What this drives. Sets the scale of the ROI conversation in the deck. Smaller bands lead the CFO conversation with absolute dollars; larger bands lead with FTE equivalents and audit-cycle compression. Also informs the cyber-insurance premium-baseline assumption used on the “additional savings” line.
What to pick. Most recent fiscal year. Public-sector / non-profit category exists because the math frames differently for those orgs (no premium-savings line; emphasis on grant compliance and IG reporting).
What to pick. Most recent fiscal year. Public-sector / non-profit category exists because the math frames differently for those orgs (no premium-savings line; emphasis on grant compliance and IG reporting).
What this drives. Every figure on the next step scales by room count: audit-prep hours, pricing baseline, equivalent-FTE math, and the deck's headline savings number.
What to enter. Total rooms across every site you support. Include rooms behind reception, exec suites, training rooms, and any room with a managed switch port behind a display. Conservative: count only the rooms with permanent video gear; aggressive: count every room with a network port.
When to skip. Required field. If unknown, use a round estimate; the math is linear and will scale cleanly when refined.
What to enter. Total rooms across every site you support. Include rooms behind reception, exec suites, training rooms, and any room with a managed switch port behind a display. Conservative: count only the rooms with permanent video gear; aggressive: count every room with a network port.
When to skip. Required field. If unknown, use a round estimate; the math is linear and will scale cleanly when refined.
Total rooms across every site. Drives the ROI math on the next step.
Audit obligations (check all that apply)
What this drives. Each box checked pulls a control-coverage section into the deck mapping CybrIQ output to specific framework controls. SOC 2 brings CC6.1 and CC7.2. HIPAA brings the OCR Risk Analysis evidence shape. PCI brings 12.3.4 and 9.9. NIST CSF / 800-171 brings ID.AM-1, ID.AM-2, and 3.4.1. CMMC L2 brings CM.L2-3.4.1. NDAA 889 brings the covered-entity sweep section. ISO brings A.5.9 and A.8.1.
What to check. Frameworks your organization is actually audited against this year, not aspirational ones.
What to check. Frameworks your organization is actually audited against this year, not aspirational ones.
Current security tooling
What this drives. Builds the comparison table in Step 3 of the deck. If you check NAC, the deck explains how CybrIQ feeds your NAC's policy decision rather than replacing it. If you check Armis or Asimily, the deck includes a head-to-head feature matrix. If you check None, the deck adds a “starting from scratch” framing instead of “alongside the existing stack.”
What to check. Tools your team operates today. SIEMs include Splunk and Sentinel; EDR includes CrowdStrike and SentinelOne; NAC includes Cisco ISE, Forescout, and Aruba ClearPass.
What to check. Tools your team operates today. SIEMs include Splunk and Sentinel; EDR includes CrowdStrike and SentinelOne; NAC includes Cisco ISE, Forescout, and Aruba ClearPass.
Please fill in the required fields above before continuing.