In a Box · One-Time

A client just sent you a vendor security questionnaire. Can you answer it honestly?

A structured cyber risk assessment that gives your board the visibility they need and your clients the evidence they're asking for — in business language, not technical jargon.

What's in the box

Enterprise supply chain requirements are flowing downstream. Your biggest clients and government customers are now asking for evidence of your security posture — risk assessments, treatment plans, and evidence that someone in your organisation owns this.

This package produces a structured cyber risk assessment with reporting your board can use for decisions and your clients can use for due diligence. Not a list of technical vulnerabilities — a business-oriented view of your cyber risks, their likelihood, their potential impact, and what you're doing about them.

The output is designed to be reusable. The risk register becomes a living document you can update annually or when your environment changes — and present to any client who asks.

Deliverables

  • Cyber risk register with likelihood and impact ratings
  • Board-level risk summary with visual risk heat map
  • Risk treatment plan with recommended actions and priorities
  • Supply chain questionnaire response pack
  • Risk assessment methodology documentation
  • Executive presentation pack for board or leadership reporting

Business benefits

  • Answer vendor questionnaires confidently — with documented evidence
  • Board visibility to make informed decisions about cyber investment
  • Risk language your leadership understands — not just your IT team
  • Compliance evidence for ISO 27001, Essential Eight, and insurer requirements
  • Repeatable methodology for ongoing risk management

Engagement process

  • Scoping: Define the assessment boundary, risk appetite, and stakeholders. Review any specific questionnaires or frameworks you're responding to.
  • Risk identification: Structured workshops and interviews with key stakeholders to identify and document your cyber risks, including supply chain dependencies.
  • Analysis and rating: Each risk assessed for likelihood and business impact. Existing controls evaluated for effectiveness against your threat landscape.
  • Treatment planning: Recommended actions for each risk — accept, mitigate, transfer, or avoid — with cost and effort estimates your board can prioritise against.
  • Board presentation: Findings presented to your board or leadership team in business language, with a clear recommendation on priorities — and a pack you can share with clients.

Handle your questionnaire

A client asking about your cyber risk posture is an opportunity — if you're prepared

Tell us which clients or questionnaires are driving the conversation and we'll scope the assessment accordingly.

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.
