Security Assessments

Is Your Business Actually Secure — Or Do You Just Hope It Is?

Most businesses invest in security tools and assume they're protected. But when a client, an auditor, or a cyber insurer asks you to prove it — assumption isn't enough. A CIS Assessment gives you evidence.

Sound familiar?

Does This Sound Familiar?

You're not alone. These are the situations that bring most South African businesses to us:

A client or partner sent you a security questionnaire — and you weren't sure how to answer it honestly.

You're applying for (or renewing) cyber liability insurance and need to prove you have security best practices in place.

You've spent money on firewalls, antivirus and Microsoft 365 — but you don't actually know if they're configured correctly.

You're worried about ransomware, but you don't know where your weak points are.

You need to show management or the board that the business is protected.

You simply want peace of mind that your business and its data are genuinely safe.

The insurance angle

Cyber Insurance Now Requires Proof — Not Promises

South African and global cyber insurers have significantly tightened their requirements. To qualify for cyber liability cover, insurers now expect documented proof of specific security controls — including multi-factor authentication (MFA), endpoint detection and response (EDR), tested and immutable backups, email security, privileged access management, and a documented incident response plan.

Here's the part many businesses miss: a cyber insurance application is a legally binding document. When you attest that you enforce MFA everywhere or that your backups are immutable, the insurer relies on those statements to issue your policy. If a claim investigation later reveals those controls weren't actually in place, the insurer can reduce or deny your claim — or void the policy entirely.

This is exactly why an independent assessment matters. A CIS Assessment gives you evidence of what's actually in place, so you can complete your insurer's questionnaire honestly and accurately — and know your cover will hold up when you need it most.

The danger isn't just failing to qualify for insurance. It's paying premiums for years, then having a claim denied because a control you thought was in place wasn't.

The solution

There's a Recognised Way to Measure Whether You're Actually Secure

This is where CIS comes in. CIS stands for the Center for Internet Security — a globally recognised, independent organisation that publishes the security standards used by businesses, governments and security professionals worldwide.

The CIS Benchmarks and CIS Controls are, in effect, a blueprint for secure configuration. Rather than guessing whether your environment is secure, a CIS Assessment measures your actual systems against these proven international standards — and shows you exactly where you stand.

Scope

What We Assess

Microsoft 365

Exchange Online, Teams, SharePoint, Entra ID

Active Directory & Group Policy

Domain configuration, GPOs, privileged access

Windows Servers

Server hardening against CIS Benchmarks

Windows Workstations & Laptops

Endpoint configuration and hardening

FortiGate & Sophos Firewalls

Firewall rules, VPN and edge security

SQL Servers

Database security and access controls

The blueprint

The 18 CIS Controls — Your Security Blueprint

A CIS Assessment measures your environment against the 18 CIS Controls — a prioritised set of safeguards designed to defend against the most common real-world cyberattacks.

  1. 01Inventory and Control of Enterprise Assets
  2. 02Inventory and Control of Software Assets
  3. 03Data Protection
  4. 04Secure Configuration of Enterprise Assets and Software
  5. 05Account Management
  6. 06Access Control Management
  7. 07Continuous Vulnerability Management
  8. 08Audit Log Management
  9. 09Email and Web Browser Protections
  10. 10Malware Defenses
  11. 11Data Recovery
  12. 12Network Infrastructure Management
  13. 13Network Monitoring and Defense
  14. 14Security Awareness and Skills Training
  15. 15Service Provider Management
  16. 16Application Software Security
  17. 17Incident Response Management
  18. 18Penetration Testing
The process

How a CIS Assessment Works

01
Scoping

We agree which systems and platforms to assess based on your environment.

02
Assessment

We use professional CIS auditing tools (CIS-CAT Pro) to measure your configuration against the CIS Benchmarks — an automated, evidence-based process covering hundreds of controls.

03
Findings Report

You receive a detailed report showing what passed, what failed, and the severity of each finding, categorised critical/high/medium/low.

04
Remediation Roadmap

We help you understand the findings and give you a prioritised, practical roadmap to close the gaps — based on real risk, not a list of hundreds of items.

Who it's for

Who Needs a CIS Assessment?

Businesses applying for or renewing cyber liability insurance

Companies responding to client or supply-chain security requirements

Organisations that have invested in security tools but want to verify they're configured correctly

Businesses that want board-level assurance their data is protected

Any company that wants genuine peace of mind about their security posture

FAQ

Frequently Asked Questions

Find Out Where You Actually Stand

Book a free assessment and get an honest, evidence-based picture of your security posture — no jargon, no assumptions.

Book a Free Assessment