Enterprise Assessment FAQ

Is my assessment data secure?

Yes—completely. Assessments run entirely in your web browser. Your answers are saved locally on your own device and are never transmitted to CyberAssure or anyone else. There's no cloud storage, no database, no account. We literally cannot see your assessment data. This architecture is intentional—organisations conducting security assessments shouldn't have to trust a third party with sensitive gap analysis.

Can I run assessments in air-gapped or restricted environments?

Yes. Once downloaded, the assessment requires no internet connection. It runs entirely offline in any modern browser, making it suitable for secure environments, classified networks, or locations with restricted connectivity.

Where is my data stored?

Your assessment data is stored only in your browser's local storage on your device. When you export reports, files are saved to your local machine. At no point does any assessment data leave your device or reach CyberAssure servers.

What format are the assessments delivered in?

Assessments are delivered as self-contained HTML files that run entirely in your browser. No installation, account creation, or internet connection is required after download. Simply open the file in any modern browser to begin.

What outputs do I receive?

Each assessment generates two exportable reports: an Executive Summary (Word format) suitable for board presentation, and a detailed Findings Workbook (Excel format) for remediation planning and tracking. Both are generated locally in your browser.

How long does an assessment take to complete?

Completion time varies by framework and organisational complexity. Most assessments take 2–4 hours for initial completion, though larger frameworks like ISO 27001 or NIST CSF may take longer. Progress is saved automatically, so you can complete the assessment across multiple sessions.

Can multiple people collaborate on an assessment?

The assessment file can be shared internally and opened by different team members. However, since data is stored in browser local storage, responses are device-specific. For collaborative assessments, we recommend designating one device as the primary assessment machine, or coordinating responses offline before entry.

Who are these assessments designed for?

Our assessments are designed for CISOs, Heads of GRC, and senior security, risk, and compliance leaders who need structured, framework-aligned tools for evaluating organisational maturity. They're used by organisations ranging from mid-market companies to ASX-listed enterprises and government agencies.

Are these assessments a substitute for formal certification or audit?

No. These assessments are self-assessment tools designed to help organisations understand their current maturity level, identify gaps, and prepare for formal certification or audit. They do not constitute formal audits, certifications, or attestations. However, the consistent methodology and documented outputs can support your certification journey and demonstrate due diligence.

How is maturity scored?

Assessments use a five-level maturity model aligned to industry standards: Level 1 (Initial/Ad-hoc), Level 2 (Developing), Level 3 (Defined), Level 4 (Managed), and Level 5 (Optimised). Scoring criteria are framework-specific and aligned to the source framework's guidance where applicable.

How often should we run assessments?

Most organisations run quarterly assessments to track progress and demonstrate improvement to boards and regulators. The consistent methodology ensures meaningful quarter-over-quarter comparisons. Some organisations also run assessments after significant changes (new systems, acquisitions, incidents) or in preparation for external audits.

What does the license include?

Each assessment purchase provides a license for organisational use. You receive a downloadable HTML file that runs locally on your device. The license is tied to your organisation, not individual users or devices. Please refer to our terms of service for full licensing details.

Can I use assessments across multiple business units or subsidiaries?

Standard licenses cover a single legal entity. For organisations with multiple subsidiaries or business units requiring separate assessments, please contact us to discuss enterprise licensing arrangements.

Do you offer consulting or advisory services alongside assessments?

CyberAssure focuses on assessment tools. We don't provide consulting services directly, which allows us to offer unbiased tools without the conflict of interest that comes from selling remediation services. If you need advisory support, we can recommend independent consultants who are familiar with our assessment outputs.

How is payment processed?

Payments are processed securely through Payhip using Stripe or PayPal. CyberAssure does not directly handle or store payment card information. For enterprise purchases requiring invoicing or purchase orders, please contact us directly.

Do you offer refunds?

Due to the digital nature of our products, we generally do not offer refunds after download. However, we're committed to customer satisfaction—if you experience issues with an assessment, please contact us and we'll work to resolve the situation.

How do I get support if I have questions?

For product questions, technical issues, or general enquiries, use our contact form. We typically respond within one business day.