Cyber Health Checks
A rapid, fixed-scope assessment that shows what matters most and what to do first.
You can’t fix what you can’t see.
A health check gives you an honest, fast picture of where you stand before you spend a dollar on tools. It is the most common way our clients start, because it replaces guesswork with a prioritised plan.
A rapid, fixed-scope assessment that shows what matters most and what to do first.
Our work includes
- ✓Rapid security assessment
- ✓Gap analysis against recognised standards
- ✓Maturity scoring
- ✓Prioritised uplift recommendations
- ✓A clear, costed next step
Start with the question keeping you up at night.
Each is rapid and fixed-scope, and ends in a prioritised, costed plan. Pick the platform you run or the risk you need to answer.
Microsoft 365 health check
“We pay for licences we do not use, and Copilot worries us.”
We look at
- Identity, device and data posture
- What Copilot can reach today
- Licence fit, the cheapest path to fix
Endpoint & Falcon health check
“Is our EDR actually configured right, and covering everything?”
We look at
- Falcon policy posture and coverage gaps
- Identity threat protection in use
- Spotlight vulnerabilities, ranked
Data & SASE health check
“We do not know what is leaving, or which apps staff really use.”
We look at
- Shadow IT and risky SaaS in use
- DLP coverage and data in motion
- VPN exposure and AI tool usage
Essential Eight maturity assessment
“A contract or insurer wants evidence of where we stand.”
We look at
- Maturity rating across all eight
- Every gap, by severity and effort
- A sequenced path to your target level
Data & DSPM assessment
“We cannot say where our sensitive data actually lives.”
We look at
- Where sensitive data lives, with Cyera
- Over-sharing and exposure
- Readiness for safe AI adoption
Identity & access review
“We have too many admins and no clear view of who can reach what.”
We look at
- MFA and Conditional Access coverage
- Privileged and stale accounts
- Joiner, mover, leaver hygiene
Backup & ransomware readiness
“If we were hit tomorrow, could we actually recover?”
We look at
- Backup coverage and immutability
- Whether recovery has been tested
- Realistic recovery times
Email & human risk assessment
“Phishing and invoice fraud keep getting through to our people.”
We look at
- Email security posture and gaps
- Human risk and awareness maturity
- Insider risk signals
SharePoint & Copilot readiness
“We want Copilot, but our SharePoint is a sprawl nobody fully controls.”
We look at
- Teams and SharePoint sprawl and access
- Entra ID group and permission model
- Purview labelling and Copilot readiness
Scope
A short workshop fixes the scope, so you know exactly what is covered and what it costs.
Assess
We inspect the real configuration and evidence, not a questionnaire, in days not months.
Report & roadmap
A clear findings report, ranked by risk, with a prioritised and costed next step.
How secure and mature is your AI program, really?
AI is moving faster than most security postures. This assessment sets an honest baseline of your AI security maturity and gives you a clear, prioritised roadmap, so you can deploy high-value AI safely instead of holding it back.
Eight domains we evaluate, end to end
Policies, oversight and responsible-AI framework.
Network, compute and cloud security for AI workloads.
API, plugin and integration controls.
Authentication, authorisation and privilege.
Training-data protection, provenance and privacy.
Development, deployment and runtime protection.
Input validation, output filtering and guardrails.
Monitoring, threat detection and incident handling.
Scored across four dimensions
What you receive
Technology we run health checks on
Why Cornerstone?
We are not another managed service you cannot leave. We design, implement and hand over secure systems your team can run, with the documentation and clarity to stay in control. No lock-ins, just results.
A clear baseline before your next investment.
Plain-language assessment of where you stand.
What is a cyber health check?
A structured assessment of your current cyber posture: where you stand against the Essential Eight, identity hygiene, device management, data protection, backup and incident readiness. Outputs a clear, prioritised roadmap.
Who is it for?
Mid-market and enterprise organisations who want an honest baseline before their next security investment, after an incident, or before a compliance commitment.
How long does it take?
Two to four weeks depending on scope. Light-touch reviews can be faster; deep reviews of complex estates take longer.
What does it cost?
Fixed-fee, scoped per engagement. We agree the scope and price up front; no surprises.
What do we get at the end?
A plain-language report and a prioritised roadmap, ready for your board. Not a 200-slide deck of jargon.
Do we have to implement with you?
No. The report is yours to act on with any partner. We are happy to implement, but we are not selling you that decision in the assessment.











