Layer 1 Due-Diligence Report Builder

1. About you 2. ROI 3. Competitive 4. Briefing deck

Step 1 — About your organization

We use these inputs to populate every slide that says "our environment." Industry sets the breach statistics and regulatory framework references. Audits and tooling drive the compliance-coverage map and the alternatives table. The website lets us pull your logo onto the cover. The free-form project description is reproduced verbatim in the executive summary so the deck reads in your voice. Optional fields can be left blank.

Company

Industry

Company website (optional, used to brand the report with your logo)

Approx. employees

Annual revenue band

Buildings / sites

Conference rooms across the footprint

Leave blank if you don't know — we'll estimate from employee count.

Audit obligations (check all that apply)

SOC 2 Type II HIPAA PCI DSS 4.0 NIST CSF / 800-171 CMMC Level 2 NDAA Section 889 ISO 27001 GLBA

Current security tooling

NAC (Forescout / Cisco ISE / Aruba) EDR (CrowdStrike / SentinelOne) SIEM (Splunk / Sentinel) Armis Asimily None of the above

Evaluation timing

Primary driver

Describe your project (optional, used to tailor the report)

Your name

Your title

Phone (optional)

Step 2 — Projected audit-prep ROI with sensitivity

This step builds the financial case. Defaults are seeded from Step 1 and from public benchmarks; you can override any of them. The sensitivity table at the bottom shows the savings range across conservative, typical, and reference-engagement assumptions, which becomes the chart on the ROI slide of the deck.

Audit cycles per year

Each framework you checked above counts as one cycle.

Hours per cycle, today

GRC + audit-team hours spent reconstructing inventory.

Blended hourly rate (USD)

Audit-prep reduction (typical)

Annual savings (typical case)

Adjust the inputs above to model your environment.

0 hrs

Hours recovered/year

0 FTE

Equivalent FTE

— → —

Per-cycle prep window (hrs)

Sensitivity

Conservative · 55%

Typical · 70%

Reference · 85%

Step 3 — Competitive landscape across nine alternatives

Eight features evaluated across nine named alternatives. Sourced from public product documentation, the most-recent Forrester Wave on Connected Medical Device Security, the most-recent Gartner Market Guide for Cyber-Physical Systems Protection, and field engagements with each vendor. Cells show full match, partial or conditional, or does not address the feature. The same matrix appears in the deck on slide 10.

Vendor categories (where each plays in the market)

Layer 1 native

CybrIQ · in-house build (with Layer 1 capability)

Agentless asset discovery

Armis · Asimily · Forescout

Cyber-physical / OT

Claroty xDome · Microsoft Defender for IoT

NAC platforms · Active discovery

Cisco ISE / Aruba ClearPass · Runzero

Feature-by-feature scoring

How to read: The two features that determine fit for an audit-evidence requirement (Layer 1 fingerprinting and per-port records) sit at the top because the rest of the matrix is downstream of those. A vendor strong on rows 3-8 but blank on rows 1-2 is a security tool, not an audit-evidence product.

Vendor profile (one-line context per alternative)

Step 4 — Exec-level briefing deck

Generated from your inputs and rendered below. Each slide carries its own header explaining what it presents.

Sent. Your CybrIQ team has the report. Expect a personal reply within one business day. The deck above is yours to keep.

A due-diligence package populated against your environment.