Services — ERMITS Advisory

Three advisory paths

Supply chain, privacy, and threat—where the work emphasizes. Each path uses the same engagement ladder in the next section.

Outcome

Third-party and subcontractor risk: where dependency and concentration matter for operations.

Focus

Outcome

Privacy and breach pressure: a coherent line for regulators and leadership.

Focus

Outcome

Threat and resilience: critical assets and scenarios first—so IR and spend match real impact.

Focus

Depth from the Cyber Brief through managed engagement—artifacts and evidence scale the same way across all three paths.

Engagement	Primary value	Typical artifacts	Typical data / evidence
Brief / Baseline	Fast board-ready exposure & readiness	Brief HTML Full Report PDF L1 snapshot exports	Minimal signals only: scope, geography, vendor reliance, governance baseline, and Brief questionnaire inputs mapped to Level 1 nodes.
Profile Refinement	Sharper scope & priority logic	L1 across all branches · Scoping brief	Level 1 artifacts plus targeted follow-up to validate priority branches and narrow scope.
Structured Evidence	Asset register, control context	L2 artifacts · Benchmarking maps · Exposure heat maps	Structured inventories and category-level evidence (assets, vendors, data classes, critical functions) per branch requirements.
Managed Engagement	Cross-domain reporting & remediation	Full L3 · Control mapping · Remediation workflow	Full evidence layer: asset-to-control mapping, recovery measures, substitution planning, and ongoing validation.

→ One sitting: Exposure Index, domain scores, and Level 1 snapshots—grounding the table above.
10–15 min · browser-only · runs locally · no signup

Start the Cyber Brief → See Sample Report

Need calendars and scope confirmed first? Use Talk to an advisor—not required to run the Brief.