Resources

What we'd hand you on a free call.
In checklist form.

Plain-language readiness checklists for the work most likely to be a problem — CMMC for defense subs, HIPAA for healthcare, AI governance for everyone. No email gate. No "download report" theater. Just the questions we'd ask you on the call.

Format: Free, ungated, web-readable
Available: 4 checklists, more shipping
Use: Print-friendly, share-friendly
Available now

The library so far.

Each piece is the same work we'd do with a paying client, sized down to a self-serve format. We're shipping more in the next few weeks. If one you don't see here would be exactly the thing — tell us; we move them up the queue when there's specific demand.

01
AVAILABLE

CMMC Readiness Checklist.

For defense contractors and subs.

A self-audit for firms preparing for CMMC L2 assessment — whether you're at zero or you have an SSP from a vendor who doesn't return calls anymore. Boundary scoping, identity & access, documentation, the NIST 800-171 control families, and audit prep.

5 sections · ~25 items · 15-min read
Read the checklist
02
AVAILABLE

HIPAA Risk Analysis Checklist.

For practices, clinics, and groups.

A real risk analysis walkthrough — not a 50-question yes/no checklist someone Googled. For the §164.308 analysis OCR cites in nearly every enforcement action, done as if it had to hold up under scrutiny. Because it does.

5 sections · ~25 items · 18-min read
Read the checklist
03
AVAILABLE

AI Governance Quick Start.

For any business with employees.

For leadership teams with a sense that AI is happening on the ground but no real read on what's being used, where data is going, or what the policy should say. Practical first steps, written for businesses that don't have a Chief AI Officer.

5 sections · ~25 items · 16-min read
Read the checklist
04
AVAILABLE

Customer Audit Response Kit.

For SOC 2 and vendor security questionnaires.

For sales, ops, and IT facing a 40-page security questionnaire from a prospect or major customer. How to read the ask, draft answers that win, and build the answer library that turns the next questionnaire into an hour of work instead of a week.

5 sections · ~25 items · 17-min read
Read the checklist
Also planned: 23 NYCRR 500 Walkthrough · Manufacturer's Incident Playbook · Wire Fraud Response Runbook
Why ungated

No email gate. No "download report" theater.

You shouldn't have to trade your email for a 30-page PDF that turns out to be a sales brochure. The work in these checklists is the same work we'd do with a paying client — sized down to a self-serve format, with the parts that actually matter kept and the filler cut. Read them on a phone. Print them. Share them with whoever's leading this work at your firm. If you want help applying any of it, the readiness call is no fee. That's the deal.

— Hudson Sky