ERMITS Advisory™ · Engagement Model
From first signal to full clarity.
A progressive evidence model across three advisory service paths — delivering board-ready artifacts at every level of engagement, with no wasted motion between them.
From the Cyber Brief to artifacts
Level 1 · Light
Vendor Dependency Snapshot
Quick continuity narrative with minimal data.
Required
- Critical vendor count
- Outsourcing level
- Alternate-provider availability
Regulatory Exposure Note
Jurisdictional pressure summary.
Required
- Geography
- Cross-border transfers
- Privacy posture
Ransomware Readiness Card
Fast leadership readiness view.
Required
- Security answers
- Resilience indicators
Level 2 · Structured
Vendor Exposure Pattern
Abstract benchmarking before named vendors.
Required
- Vendor categories
- Optional outsourcing data
Data Sensitivity Map
Category-level pressure drivers.
Required
- Sensitive data categories
- Asset types
Attack Surface Estimate
Asset-informed threat narrative.
Required
- Asset categories
- Critical functions
Level 3 · Evidence
Dependency Graph
Critical vendor-to-service mapping.
Required
- Asset register
- Vendor mapping
- Critical services
Data Mapping Baseline
Processing inventory & flows.
Required
- Processing inventory
- Data flows
- System owners
Control Mapping
Evidence-backed controls to assets.
Required
- Asset register
- Control inventory
- Recovery measures
Node Detail
📋 Required
📎 Produces
🔓 Unlocks
Progressive evidence loop
→ Collect enough for a justified artifact, then use it to request the next evidence layer.
Each deliverable is built to earn the next level of engagement.