How It Works — ERMITS Advisory

How every engagement begins

01 · INTAKE

Minimal signals

Lightweight entry, value before heavy evidence.

Required

Scope & business context
Geography
Vendor reliance signals
Governance baseline

Produces

Initial scope framing Cross-branch activation Eligibility for Level 1

02 · NORMALIZE

Indicator engine

Standardized operational and regulatory indicators.

Required

Intake context
Mapping logic for dependencies
Regulatory signals

Produces

Operational indicators Regulatory pressure indicators Readiness matrix

03 · ACTIVATE

Parallel generation

One update improves all three branches simultaneously.

Required

Normalized indicators
Branch thresholds
Deliverable logic

Produces

Supply chain stream Privacy stream Threat stream

Three branches. Nine artifacts. One progressive logic.

Every engagement starts at Level 1. Evidence unlocks the next level across all branches simultaneously.

Level 1 · Light

Level 2 · Structured

Level 3 · Evidence

Supply chain

L1 Entry

Dependency Profile

Quick continuity narrative with minimal data.

Required

Critical vendor count
Outsourcing level
Alternate-provider availability

Vendor Exposure Pattern

Abstract benchmarking before named vendors.

Required

Vendor categories
Optional outsourcing data

Dependency Graph

Critical vendor-to-service mapping.

Required

Asset register
Vendor mapping
Critical services

Privacy

L1 Entry

Regulatory Exposure Note

Jurisdictional pressure summary.

Required

Geography
Cross-border transfers
Privacy posture

Data Sensitivity Map

Category-level pressure drivers.

Required

Sensitive data categories
Asset types

Data Mapping Baseline

Processing inventory & flows.

Required

Processing inventory
Data flows
System owners

Threat

L1 Entry

Ransomware Readiness

Fast leadership readiness view.

Required

Security answers
Resilience indicators

Attack Surface Estimate

Asset-informed threat narrative.

Required

Asset categories
Critical functions

Control Mapping

Evidence-backed controls to assets.

Required

Asset register
Control inventory
Recovery measures

Artifact detail

📋 Required

📎 Produces

🔓 Unlocks

What you receive at each level

Engagement	Primary value	Typical artifacts	Typical data / evidence
Brief / Baseline	Fast board-ready exposure & readiness	Brief HTML Full Report PDF Brief+ package Request Brief+ →	Minimal signals only: scope, geography, vendor reliance, governance baseline, and Brief questionnaire inputs mapped to Level 1 nodes.
Profile Refinement	Sharper scope & priority logic	L1 across all branches · Scoping brief	Level 1 artifacts plus targeted follow-up to validate priority branches and narrow scope.
Structured Evidence	Asset register, control context	L2 artifacts · Benchmarking maps · Exposure heat maps	Structured inventories and category-level evidence (assets, vendors, data classes, critical functions) per branch requirements.
Managed Engagement	Cross-domain reporting & remediation	Full L3 · Control mapping · Remediation workflow	Full evidence layer: asset-to-control mapping, recovery measures, substitution planning, and ongoing validation.

→ Progressive evidence loop — collect enough for a justified artifact, then use it to request the next evidence layer.
Every artifact ERMITS Advisory delivers is designed to justify the next engagement.

Start with the free Cyber Exposure Brief

10 minutes. Browser-only. No account required. Your responses auto-generate three Level 1 advisory artifacts.

Run the Brief →

Ready to go deeper?

Talk to ERMITS about a structured engagement across your highest-pressure branch.

Book a review →

From first signal to full clarity.

How every engagement begins

Minimal signals

Indicator engine

Parallel generation

Three branches. Nine artifacts. One progressive logic.

Artifact detail

What you receive at each level

Start with the free Cyber Exposure Brief

Ready to go deeper?