Skip to main content
The Cliffside Lighthouse Assessment

An honest picture of where
you actually stand.

Not another tick-box exercise. The Lighthouse is a real assessment by a multi-specialist team (architecture, risk, compliance, and testing) that tells you honestly where you stand, what matters, and what can wait.

We follow ISO 27001 methodology when applicable for assessments. Transferable findings, yours to use with any provider. No lock-in, no upsell, no predetermined conclusion.

Book a Free Consultation

A 30-minute call with a senior Cliffside consultant. No obligation. We'll tell you honestly whether the Lighthouse is the right starting point for you.

By submitting you agree to Cliffside's privacy policy. We don't share your details with third parties.

What happens next
1We respond within one business day to confirm a time
230-minute call with a senior consultant, no obligation
3We tell you honestly if the Lighthouse is right for you
200%
Security Team Capacity Increase
100%
Project Security Integration
$0
Additional Headcount Required
ISO 27001
Methodology / Applied When Applicable
What it is

A multi-specialist assessment, not a solo consultant with a checklist.

Most security assessments are delivered by a single consultant, working from a template, producing a report that reflects their particular area of expertise. You get a penetration tester who finds technical vulnerabilities, but misses the governance gaps. Or a compliance consultant who maps controls, but can't assess whether the underlying architecture is sound.

The Lighthouse is different. We deploy a team across architecture, risk, compliance, and testing, evaluating your security posture as an integrated picture, not a series of isolated assessments. You get a single, unified view of where you stand across all four domains, prioritised by real business risk.

The output is a transferable report you own entirely. There's no lock-in; you can take the findings to any provider, implement them internally, or work with us on remediation. Our only commercial interest is in giving you an honest picture.

What's included
  • Security Architecture Review
    Evaluation of your current security architecture against your threat model, business model, and regulatory obligations.
  • Risk Assessment
    Identification and prioritisation of your highest-impact risks, connected to business consequences, not theoretical severity scores.
  • ISO 27001 Gap Analysis
    We apply ISO 27001 methodology where applicable to structure our assessments. A formal gap analysis can be scoped as a separate engagement if needed.
  • Essential Eight Assessment
    Maturity level assessment across all eight mitigation strategies, with prioritised remediation guidance.
  • Prioritised Roadmap
    A phased, evidence-backed remediation roadmap with clear rationale for every recommendation. What's urgent, what can wait, and why.
  • Executive Presentation
    A board-ready presentation of findings, designed for risk discussions, not technical briefings.
Why it's different

Six things that distinguish the Lighthouse.

01
Multi-Specialist Team

Architecture, risk, compliance, and testing specialists, working as one team, not four separate assessments with four separate reports and four separate recommendations.

02
No Predetermined Outcome

We don't arrive with a solution to sell you. Our commercial interest is your long-term trust, not the upsell after the assessment. If the answer is a policy update, we'll tell you that.

03
Transferable Report

The assessment belongs to you. Take it to any provider, implement it internally, or work with us. We don't lock findings inside a portal or make follow-on work a condition of receiving your results.

04
ISO 27001 as Standard

ISO 27001 gap analysis is included in every Lighthouse Assessment, not an optional add-on. Led by consultants who've been ISO 27001 Lead Auditors since 2008.

05
Business-Language Output

Findings are mapped to business risk, not CVSS scores. Recommendations are calibrated to your budget and internal capability, not to an aspirational enterprise security programme.

06
Defensible Under Scrutiny

Every recommendation includes the evidence and rationale to defend it under board challenge, regulatory audit, or independent review. You'll know why we recommended what we recommended.

Common questions

What people usually ask.

How long does it take?
Typically two to four weeks from kick-off to final report, depending on the size and complexity of your environment. We can compress this for time-sensitive requirements, discuss this with us at the initial consultation.
What if I have an upcoming audit or compliance deadline?
The Lighthouse is designed to be useful in exactly this situation. We apply ISO 27001 methodology when applicable, and we can align the assessment timeline to your certification or regulatory milestone. Tell us what you're working towards and we'll structure accordingly.
Is there an obligation to use Cliffside for the remediation work?
None. The report is yours. We'll explain what the findings mean and answer your questions, and if you want to work with us on remediation we're available, but there's no commercial arrangement that depends on you doing so.
What size organisation is it designed for?
The Lighthouse scales. We've run it for 50-person professional services firms and 5,000-person regulated financial institutions. The scope, depth, and deliverables adjust to your environment. The starting point is always the same: an honest assessment of what you actually need to know.
How much does it cost?
The initial consultation is free. The Lighthouse Assessment is a fixed-scope, fixed-price engagement; the price depends on your organisation's size and environment. We'll give you a clear figure after the initial conversation, before any commitment is made.

Not sure where to start?

Book a free Lighthouse Assessment. Honest, transferable, no lock-in.

Book Free Assessment