80+ controls across 3 levels and 7 categories — with practical guidance at every step. Set your own target score and build a roadmap of planned improvements to get there.
The CMI assesses your organisation across seven categories, each containing a set of controls rated across three levels — Foundational, Developing and Mature. Your score reflects depth of implementation, not just whether a control is ticked off.
Policies, roles and responsibilities that underpin your security programme.
Whether devices are patched, configured securely and managed effectively.
Who has access to what, how access is granted, and how it is protected.
How your network, perimeter and connected systems are protected.
Protection against phishing, spoofing and email-based attacks.
How data is stored, backed up and recoverable in the event of an incident.
Whether your team understands cyber risks and their role in preventing incidents.
Across all seven categories, each with practical guidance on why it matters and how to implement it.
Unlike generic maturity assessments, the CMI is designed for real organisations with real-world constraints. Each control has a clear description, expert guidance on why it matters, and practical steps to implement it.
Mark controls as complete as you implement them. The CMI updates in real time, showing your progress and where to focus next.
The CMI automatically identifies which controls are missing or incomplete and surfaces them as prioritised actions - ordered by impact.
Your CMI history is recorded so you can see improvement over time and demonstrate progress to boards, trustees, and funders.
Define what level is right for your organisation. Cyber Assure tracks the gap and shows which actions close it fastest.
Mark controls you plan to implement and when. Your roadmap gives leadership a forward view of planned improvements alongside current performance.
Included in all plans. Get in touch to arrange a walkthrough for your organisation.