Foundations Assessment
Companion
Guide
Everything you need to know before you begin. No technical background required.
Why This Matters
You already knew something needed attention.
Most organizations get here the same way. Not through a crisis, not because a consultant scared them into it, but because someone on the team finally said out loud what everyone had quietly suspected for a while: we probably should take a closer look at this.
That instinct is correct. And acting on it matters more than you might think.
The Foundations Assessment is not a compliance audit. It is not a stress test designed to surface every possible vulnerability and hand you a bill. It is a structured, plain-language process that gives your organization an honest picture of where things stand today, so the decisions about what to do next can be made deliberately rather than reactively.
The organizations that get the most out of this process are the ones that come in curious rather than defensive. They already suspect there are things to strengthen. They just want to see the full picture and know what to do about it. That posture, curiosity over anxiety, is exactly the right one.
A note on what you will find
Every Foundations report contains a mix of strengths and areas for improvement. That is not a reflection of how well-run your organization is. It is the reality of operating in a digital environment that moves faster than any small team can track. What matters is not where you start. It is that you can see clearly and move forward with intention.
Before You Begin
Thirty to sixty minutes. No IT degree required.
The assessment is designed to be completed by one or two people who have a working view of how the organization runs day to day. Technical expertise is not required and, honestly, is not particularly helpful here. What matters is an honest working knowledge of how your team uses email, stores files, manages devices, and keeps the mission moving.
Executive directors, operations managers, and office administrators tend to be the right people in the room. Not because they have all the answers, but because they know how things actually work. Not how they are supposed to work. How they actually work. That distinction matters.
Time Required
Thirty to sixty minutes, depending on how many questions prompt a conversation worth having. (Some will.)
No Technical Background Needed
Plain-language questions across fourteen domains. No jargon, no trick questions. You answer based on how things actually work, not how they are supposed to.
Who Should Be Involved
One person who can speak to daily operations. A second is useful if you want another perspective, but it is not required.
When You Are Unsure
Select “Not sure.” Uncertainty is genuinely useful information. It tells us where visibility is limited, and limited visibility is itself something worth knowing.
You can complete the assessment on any device, though a laptop or desktop will be most comfortable for a session of this length. Choose a time when you can work without interruption. This is not the kind of thing you want to squeeze between back-to-back meetings.
What the Assessment Covers
Fourteen domains. Every one of them in plain language.
The assessment looks at your organization across fourteen areas. None of the questions assume technical expertise. They are designed to be answered by the people who know how things actually work.
What Happens After You Submit
Two documents and a conversation. In that order.
Once you submit, Cyberwise reviews and interprets the full picture: what is working, what needs attention, where visibility is limited, and what the overall risk profile looks like. That analysis becomes two documents and one conversation. Not a 47-page compliance report. Not a spreadsheet of vulnerabilities. Two documents and a conversation.
The Foundations Report
A narrative summary of your digital environment across all fourteen domains. Written in plain language, designed for leaders, board members, and people who do not spend their days thinking about cybersecurity. Not a score. Not a verdict. A picture.
The Action Plan
A prioritized list of practical next steps, organized into immediate, short-term, and longer-horizon recommendations. Sized to fit the realities of small teams with real budgets. The goal is a plan you can actually use, not one that sits in a folder until something goes wrong.
The Review Conversation
A guided walkthrough of your results, with time for questions and a clear discussion of what comes next. You will not be handed a document and left to figure it out on your own. The conversation is where the report actually becomes useful.
On what comes next
At the end of the review conversation, you will have a clear action plan and two options. You can implement it independently, at your own pace, with everything you need to move forward. Or you can work with Cyberwise for structured support: regular check-ins, help with vendor and tool decisions, and someone to keep things moving when life gets busy. There is no pressure in either direction. The right path is the one that fits your organization. We will talk through the options together.
A Note of Encouragement
A word before you begin.
Every organization that has gone through this process found something they did not expect. Sometimes it was a gap they had quietly been avoiding. Sometimes it was a strength they had never thought to name out loud. Usually it was both, and usually in roughly equal measure.
Neither finding is a reason for alarm. Both are reasons to have done this.
The goal is not perfect answers. It is an honest picture. And an honest picture, even an imperfect one, is the foundation for every practical step that follows. In our experience, that picture is almost always less frightening than the uncertainty that came before it. The not-knowing is the hard part. Once you can see it, you can do something about it.
So. Let’s take a look.
Protecting the trust you've earned