What do you get?
Focused Definition Session (60 minutes): A Microsoft Teams consultation to clarify your security challenge, align scope and goals, and capture decisions, recommendations, and next steps in concise minutes. Delivered by a solo, one‑stop expert from Back Office Guide—no handoffs, full accountability.
Comprehensive Security Fortification: OWASP-aligned website scan (incl. WordPress) and an enterprise posture assessment covering identities, endpoints, SaaS, access, backup, and policy. You receive clear findings, risk ratings, and a prioritized remediation backlog (quick wins to strategic fixes).
Focused Working Session (60 minutes): Deep-dive consult to turn priorities into action—validate fixes, refine guardrails, and confirm feasibility—with AI-assisted research as needed. Includes detailed minutes.
Cyber Security Basic Action Report: A concise, navigable PDF (with supporting files) summarizing risks, chosen controls, and implementation steps. Includes up to two revision cycles to ensure clarity and buy‑in.
Optional Automation Boost: Connect alerts, backups, offboarding, and patching workflows using Zapier/Make to cut manual effort and reduce recurring toil.
Why does it matter?
Cuts direct breach exposure and downtime: IBM reports the average global data breach cost reached USD 4.88M in 2024—swift hardening and clear playbooks materially reduce likelihood and impact.
Lowers operational cost-to-serve: A prioritized backlog focuses spend on the highest ROI fixes, while automation removes repetitive tasks, reduces ticket volume, and shortens time-to-remediate.
Speeds audits and client trust: Documented controls and evidence accelerate due diligence, vendor reviews, and security questionnaires—unlocking deals and avoiding audit overruns.
De-risks execution: One accountable expert from discovery to delivery ensures momentum, fewer miscommunications, and faster measurable outcomes.
Total Credits: 3.3K
Terms & Conditions
## Parties; Service Overview
These Terms govern Back Office Guide’s Cyber Security Due Diligence service (“Service”) provided to the purchasing client (“Client”). Any proposal, SOW, or order form (collectively, “Order”) forms part of these Terms. In case of conflict, the Order prevails.
## Scope and Deliverables
- Definition Session (60 min) via Microsoft Teams: clarify goals, scope, constraints; written minutes.
- Security Fortification: OWASP‑aligned website scan (incl. WordPress) and enterprise posture review (identities, endpoints, SaaS, access, backup, policy); findings, risk ratings, and prioritized remediation backlog.
- Working Session (60 min): validate fixes, refine guardrails; written minutes.
- Cyber Security Basic Action Report: concise PDF with supporting files; up to two revision cycles.
- Optional Automation Boost: workflow integrations (e.g., alerts, backups, offboarding, patching) via Zapier/Make.
Service is advisory; implementation and operation of controls remain Client’s responsibility unless stated in the Order.
## Client Responsibilities
- Authorization: Client warrants it owns/controls target systems and grants written permission for scans and assessments. Client provides safe test windows, contacts, and required access.
- Lawful Use: Service will not be used to violate law, third‑party rights, or acceptable use policies.
- Accuracy: Client supplies timely, accurate information and notifies of production‑sensitivity.
## Exclusions
- Not a penetration test, red team, digital forensics, 24/7 monitoring, incident response, or legal/compliance certification (e.g., ISO/SOC2) unless expressly included.
- No intrusive testing (e.g., DDoS, credential brute‑force) unless agreed in writing.
## Revisions and Acceptance
- Two revision cycles to the Action Report are included if requested within 15 days of initial delivery; further changes are out‑of‑scope and billable.
- Deliverables are deemed accepted upon the earlier of Client’s written acceptance, production use, or five business days after delivery without material defect notice.
## Fees, Changes, Scheduling
- Fees and payment terms are stated in the Order. Expenses (if any) are pre‑approved and invoiced at cost.
- Change Requests impacting scope/time/effort require a written change order and may adjust fees and timelines.
- Sessions may be rescheduled with 24 hours’ notice; late cancellations/no‑shows may be charged.
## Confidentiality; Data Protection
Each party will protect the other’s Confidential Information with reasonable safeguards and use it only to perform under these Terms. If personal data is processed, a data processing agreement (if required by law) will apply. Unless required by law, working papers are retained up to 90 days post‑engagement, then securely deleted.
## Intellectual Property
Back Office Guide owns pre‑existing IP, methods, templates, and tools. Upon full payment, Client receives a non‑exclusive, perpetual, worldwide license to use deliverables internally. Third‑party components remain subject to their licenses.
## Third‑Party Services; AI
Use of third‑party platforms (e.g., Microsoft Teams, Zapier/Make, scanning utilities) is subject to their terms. AI‑assisted research may be used with safeguards; Client data will not be intentionally disclosed to public models beyond agreed scope.
## Warranties; Disclaimers
Service is provided with reasonable skill and care. Except as stated, it is “as is” without warranties of merchantability, fitness, non‑infringement, or error‑free/complete security. Recommendations are point‑in‑time and risk‑based; threats evolve.
## Liability
To the maximum extent permitted by law: (a) neither party is liable for indirect, consequential, or lost profits; and (b) each party’s aggregate liability is capped at the fees paid or payable for the Service in the 3 months preceding the claim. Nothing limits liability for willful misconduct or amounts that cannot be limited by law.
## Termination
Either party may terminate for material breach if uncured within 10 days of notice. Upon termination, Client pays for work performed to date. Sections on confidentiality, IP, fees, disclaimers, and liability survive.
## Miscellaneous
Independent contractors; no assignment without consent (not unreasonably withheld); force majeure applies; notices per the Order; governing law and venue per the Order (if silent, law of the provider’s domicile applies). Entire agreement; amendments must be in writing.
Apps & Infrastructure
OneCore for Cyber Security Due Diligence
Accelerate your Cyber Security Due Diligence with OneCore—Back Office Guide’s simple way to obtain and implement the required technical components without separate vendor subscriptions. You get a streamlined setup, managed access, and easy pay‑per‑use so the focus stays on outcomes: a clear, expert-led assessment that surfaces hidden security and legal exposures, highlights compliance gaps, prioritizes risks, and delivers a practical roadmap to strengthen defenses and operational resilience.
Because no specific infrastructure options are listed for this service, the engagement can run with customer-owned subscriptions or with Back Office Guide–managed access under OneCore. Apps and services used for this transformation may include:
- ChatGPT: analysis assistance, evidence synthesis, policy/control gap summarization, and drafting of clear, actionable reporting.
We also integrate with your existing environment (e.g., log sources, identity systems, ticketing, documentation repositories, and vulnerability evidence) under least‑privilege access. All handling follows data minimization and encryption-in-transit standards, with artifacts delivered in structured, reusable formats to support rapid remediation and ongoing governance.
Outcome: a concise, prioritized report and implementation plan that reduces legal exposure, strengthens compliance posture, and builds stakeholder trust—delivered with minimal procurement friction via OneCore’s pay‑per‑use model or your own subscriptions.




