STEEL™ Assessment Platform

Strategic Threat & Enterprise Evaluation Layer
"Global Insights, Streamlined for Resilience"

Transform your cybersecurity strategy with a comprehensive PESTEL-based assessment that evaluates Political, Economic, Social, Technological, Environmental, and Legal factors. Get board-ready insights in 30 minutes with our free, privacy-first assessment platform. Aligned with ISO 31000, COSO ERM, NIST CSF 2.0, and ISO/IEC 27001 frameworks.

100% Free
Privacy-First
30 Minutes
Board-Ready Reports
Framework Aligned

About STEEL™ Assessment

STEEL™ (Strategic Threat & Enterprise Evaluation Layer) is a structured methodology and scoring engine that translates external forces and internal capabilities into an actionable enterprise risk score. It integrates PESTEL, threat exposure, digital maturity, regulatory readiness, financial impact, and sustainability factors into a single composite index.

ERMITS Advisory Purpose: ERMITS Advisory is the intelligence engine behind the ERMITS ecosystem. Through the STEEL™ Assessment Platform, we evaluate political, economic, social, technological, environmental, and legal forces that shape enterprise resilience. The output is a unified STEEL score used across CyberCaution, CyberCorrect, CyberSoluce, VendorSoluce, TechnoSoluce, ImpactSoluce, EduSoluce, and SocialCaution to deliver consistent strategic and operational decision support.

Framework Alignment

STEEL™ integrates with leading Enterprise Risk Management (ERM) and Information Technology Security frameworks:

  • ISO 31000:2018 - Risk Management Guidelines
  • COSO ERM Framework - Enterprise Risk Management integration
  • NIST Cybersecurity Framework (CSF) 2.0 - Comprehensive security assessment
  • NIST Risk Management Framework (RMF) - Risk-based approach
  • ISO/IEC 27001:2022 - Information security management alignment

How STEEL Scores Work

The STEEL platform evaluates 46 strategic indicators, grouped into six macro categories (PESTEL). Each category contributes to the overall enterprise resilience profile using calibrated weights. Results include:

  • 6 category scores (0–100): Individual PESTEL factor assessments
  • Composite STEEL Score: Weighted average across all factors
  • Risk Level: Low, Moderate, Elevated, or High classification
  • Recommendations: Aligned to ERMITS tools and actionable next steps

This methodology ensures leadership has a quantifiable, board-ready view of risk.

How to Complete This Assessment

  • Time Required: 30 minutes for thoughtful responses
  • Who Should Complete: CISO, CIO, CRO, or security leadership
  • Preparation: Have recent audit reports and security metrics available
  • Scoring: Be honest—this identifies improvement opportunities
  • Privacy: All data stays on your device, nothing is transmitted

46 Questions | 6 PESTEL Factors | 30 Minutes

Privacy & Data Handling

Your privacy is our priority. This assessment operates entirely within your browser. No data is transmitted to our servers or any third parties.

  • Zero Data Collection: Your responses never leave your device
  • Local Storage Only: Progress saved in your browser (optional)
  • Full Control: Export, delete, or clear data at any time
  • No Tracking: No cookies, analytics, or third-party tracking
  • Offline Capable: Works without internet connection after loading

Technical Details: This assessment uses HTML5 LocalStorage for optional progress saving and client-side JavaScript for all calculations. No personally identifiable information (PII) is collected, stored, or processed by ERMITS Advisory.

STEEL™ Executive Assessment

POLITICAL

Regulatory & Policy Environment

1. How well does your organization track and respond to cybersecurity regulations?
2. What is your organization's relationship with regulatory bodies?
3. How prepared is your organization for geopolitical cyber threats?
4. How does your organization manage cross-border data transfer compliance?
5. How effectively does leadership communicate security priorities to government?
6. How well does your organization anticipate future regulatory requirements?
7. How does your organization handle critical infrastructure designation?
ECONOMIC

Financial Impact & Market Conditions

8. How well does your organization quantify cybersecurity risk financially?
9. What is the alignment between security investment and business ROI?
10. How does your organization manage cyber insurance?
11. How prepared is your organization for economic downturns affecting security budgets?
12. How does your organization measure financial impact of security incidents?
13. How well does your organization communicate security value to investors?
14. How does your organization assess third-party financial stability?
SOCIAL

Human Factors & Organizational Culture

15. What is the level of security awareness across your organization?
16. How does your organization handle insider threat risk?
17. How effectively does leadership demonstrate security commitment?
18. How well does your organization manage work-from-home security?
19. How does your organization address security in D&I initiatives?
20. How well does your organization communicate security incidents?
21. How does your organization manage security team burnout?
TECHNOLOGICAL

Innovation & Digital Transformation

22. How well does your organization secure emerging technologies?
23. What is your capability to detect zero-day vulnerabilities?
24. How effectively does your organization integrate security into DevOps?
25. What is your organization's approach to API security?
26. How does your organization manage cloud security posture?
27. What is your capability for security orchestration (SOAR)?
28. How well does your organization secure IoT and OT environments?
ENVIRONMENTAL

Sustainability & ESG Compliance

29. How does your organization address climate-related cybersecurity risks?
30. What is your approach to sustainable IT and green cybersecurity?
31. How well does your organization manage ESG cyber risk disclosure?
32. What is your capability for environmental monitoring system security?
33. How does your organization protect against climate-event cyber disruptions?
34. What is your approach to sustainable supply chain cybersecurity?
35. How well does your organization integrate environmental compliance with cyber?
LEGAL

Legal Requirements & Data Protection

36. How well does your organization manage data privacy legal requirements?
37. What is your approach to cyber liability and legal risk transfer?
38. How prepared is your organization for breach litigation?
39. What is your capability for cross-border legal compliance?
40. How well does your organization manage intellectual property protection?
41. What is your approach to employment law and insider threat?
42. How effectively does your organization manage security contracts and SLAs?
POLITICAL

Enterprise Risk Management

43. How clearly has your organization defined and communicated its cybersecurity risk appetite?
TECHNOLOGICAL

Modern Security Architecture

44. What is your organization's Zero Trust Architecture maturity?
45. How does your organization secure the software supply chain?
ENVIRONMENTAL

Business Continuity & Resilience

46. What is your cybersecurity incident recovery capability?

Free vs Premium

✓ Free Assessment

  • Complete 46-question assessment
  • Basic results and scores display
  • JSON data export
  • Dashboard integration
  • Recommended action plan
  • Basic risk level indicators

⭐ Premium ($29)

  • Everything in Free, plus:
  • 📄 Detailed PDF reports (20+ pages)
  • 📊 Industry benchmarking
  • 📈 Executive summary templates
  • 💾 Multiple export formats (PNG, PowerPoint)
  • 🎨 High-resolution visualizations
  • ✨ Custom charts and graphs