SECURE Deliverables (Public Catalog)
Short definitions of what’s included in each deliverable. For deeper internal details, see the internal deliverables catalog (Playbooks_and_templates/reference/deliverables-catalog).
Security Risk Assessment (SRA)
Baseline using NIST CSF mapped to your frameworks; produces a prioritized risk register and roadmap.
- Included in: Foundations • Pillars • Spire (annually). Also sold standalone as Aware.
Discovery & Onboarding Questionnaire
Capture org/regulatory context to tailor scope and right‑size the engagement.
- Included in: Foundations • Pillars • Spire (used during Aware as well).
Policy Starter Kit
Editable policy templates (AUP, InfoSec, IR, Vendor, BCP) with guidance for customization.
- Included in: Foundations • Pillars • Spire.
Risk Register
Tracked risks with owners, status, mitigation plan, and trends.
- Included in: Foundations (setup) • Pillars (monthly updates) • Spire (strategic oversight).
Quarterly Security Check‑Ins
Leadership reviews of posture, risk movement, and priorities.
- Included in: Foundations • Pillars • Spire.
90‑Day Quick Wins Checklist
Early high‑impact fixes to reduce risk quickly, tracked to completion.
- Included in: Foundations • Pillars • Spire.
Security Team Support (Analyst Hours)
Fractional analyst hours for reviews, vendor diligence, and implementation guidance.
- Included in: Pillars • Spire.
Quarterly Security Report Deck
Executive‑ready summary of KPIs, risks, compliance, and roadmap.
- Included in: Pillars • Spire (enhanced with ROI metrics).
Incident Response Tabletop Exercise
Scenario‑based exercise testing readiness with an after‑action report and plan.
- Included in: Pillars • Spire.
Vendor Risk Review
Standardized due diligence and risk rating for third parties; integrates with contracts.
- Included in: Pillars (basic) • Spire (advanced/contractual).
End‑User Awareness Training
Annual training program with tracking and optional targeted refreshers.
- Included in: Pillars • Spire.
Board & Executive Briefing Deck
Semi‑annual program updates, decisions, and ROI narrative for leadership.
- Included in: Pillars • Spire.
Advanced Security Architecture Reviews
Guidance for network, cloud, and endpoint designs focusing on resilience and zero trust.
- Included in: Spire.
Regulatory & Audit Readiness
Checklists, evidence prep, and Q&A coaching for HIPAA, SOC 2, PCI, and more.
- Included in: Spire.
Business Continuity & Disaster Recovery (BC/DR)
BIA, RTO/RPO, recovery runbooks, and annual exercise planning.
- Included in: Spire.
Red Team / Penetration Test Coordination
Coordinate external testing and integrate findings into the risk program.
- Included in: Spire.
ROI & Performance Renewal Proposal
Quantify value realized and define the roadmap for the next term.
- Included in: Spire.
Case Study & Success Story
Document maturity achievements for stakeholders and partners.
- Included in: Spire (at renewal/milestones).
Vulnerability Scanning + Advisory
Scheduled internal and/or external vulnerability scans with curated, prioritized findings and remediation guidance integrated into your risk register.
- Included in: Pillars • Spire.
Included in Tiers
- Foundations: SRA, Policies, Risk Register (setup), Quarterly Check‑ins, Quick Wins.
- Pillars: Everything in Foundations plus monthly updates, reporting, training, vendor review, IR tabletop, board briefing.
- Spire: Everything in Pillars plus CISO leadership, architecture reviews, audit readiness, BC/DR, red team coordination, ROI.