Five inspection categories. One remediation plan.

Any small business with accounts, a website, email, and cloud tools.

You have dozens of accounts, tools, and access points your team uses every day — and nobody has ever checked which ones are locked down.

• › Account and access inventory
• › Website and hosting review
• › Email and identity security check
• › Cloud tool configuration review
• › Customer data exposure summary
• › Recovery and backup readiness check
• › Risk-rated finding report
• › Priority fix list

Businesses with a public website, active forms, or customer-facing tools.

Websites accumulate risk quietly. Outdated plugins, insecure forms, missing MFA, and exposed services create entry points attackers look for routinely.

• › Public surface scan (website, subdomains, exposed services)
• › Plugin and dependency audit
• › Form and data submission review
• › Authentication weakness check
• › SSL/TLS and header analysis
• › Severity-rated finding list
• › Remediation notes per finding

Businesses using ChatGPT, Claude, Gemini, CRMs, forms, or automation tools that handle customer or financial data.

Most small businesses start using AI tools without considering what data is going in — customer names, payment details, contracts, internal procedures — often shared with third-party systems with no review.

• › AI tool inventory (ChatGPT, Claude, Gemini, CRMs, etc.)
• › Data input risk mapping
• › Third-party sharing exposure review
• › Safe usage guidelines per tool
• › Draft AI acceptable-use policy
• › Risk-rated finding report

Businesses using Zapier, Make, n8n, webhooks, API integrations, or custom automations.

Automations move data between tools automatically — and often invisibly. Exposed API keys, insecure webhooks, undocumented data flows, and forgotten integrations create ongoing risk with no one watching.

• › Automation and integration inventory
• › API key and token exposure review
• › Webhook security check
• › Third-party data flow map
• › Stale or undocumented integration flagging
• › Risk-rated finding report
• › Rotation and remediation checklist

Any client completing an audit or inspection who needs a structured path to fix what was found.

A list of findings without a clear action plan sits unused. Small business owners need to know exactly what to fix, in what order, who owns it, and how long it will take.

• › Executive risk summary (1 page)
• › Full finding list with severity ratings
• › Evidence notes and screenshots
• › Prioritized fix list (Critical → Low)
• › Owner assignment per item
• › 30-day hardening checklist
• › Optional: 90-day retainer roadmap