Financial services · Self-assessment · Free
Financial Services Security Assessment.
Twenty-four questions across the six domains examiners, auditors, and underwriters actually inspect — Customer Data Protection, Identity & Access, Wire Fraud & BEC, Compliance & Governance, Incident Response & Resilience, and Third-Party & Vulnerability. About ten minutes. No email required to see your score.
- Mapped to GLBA Safeguards, FFIEC CAT, NCUA ACET, PCI DSS, NIST CSF 2.0
- Maturity scored Initial → Optimized per domain
- Scoring runs locally in your browser
- Optional written report + roadmap on request
What it covers
Six domains. Twenty-four honest questions.
Built around the threat picture financial institutions actually face: ransomware on core and online banking, BEC and wire fraud rerouting customer payments, third-party fintech and core-provider exposure, and the regulator filings that expect documented evidence. The score gives leadership a place to start the conversation — not the conversation itself.
- Customer Data Protection: encryption, classification, and DLP for nonpublic personal information (NPI), cardholder data, and core-banking records.
- Identity & Access: MFA, privileged access, and the controls that protect online banking, core admin, and Microsoft 365 from phishing, BEC, and credential theft.
- Wire Fraud & BEC: the Microsoft 365 hardening and payment-verification controls that close the doors attackers use to reroute wires, ACH, and member payments.
- Compliance & Governance: the written information-security program, board reporting, and risk-assessment evidence examiners and auditors expect to see.
- Incident Response & Resilience: what happens between the alarm and the regulator notification — including the 36-hour banking rule, 72-hour NCUA timeline, and ransomware recovery.
- Third-Party & Vulnerability: core providers, fintechs, and the patching cadence that keeps the audit findings — and the attackers — out.
Frequently asked questions

What does the assessment cover?
Twenty-four questions across six domains: Customer Data Protection, Identity & Access, Wire Fraud & BEC, Compliance & Governance, Incident Response & Resilience, and Third-Party & Vulnerability. Each answer maps to a maturity level (Initial, Developing, Managed, Optimized) cross-walked to the GLBA Safeguards Rule, FFIEC Cybersecurity Assessment Tool, NCUA ACET / Information Security Examination, PCI DSS, and NIST CSF 2.0.

How long does it take?
About ten minutes. You can stop at any point — your answers are scored locally in the browser and never leave your device until you choose to request a written report.

Do I need to give an email address?
No. The assessment runs entirely client-side. If you want a written report and a 30/60/90-day plan from our team, you can request one at the end — but the score itself is yours immediately.

Is this a substitute for an examiner review or audit?
No. It is a fast, honest self-check — meant to surface the obvious gaps before an FFIEC IT exam, NCUA Information Security Examination, GLBA audit, PCI DSS assessment, or — worst case — a wire-fraud or ransomware event. A formal audit, FFIEC CAT / NCUA ACET engagement, or pen test is a separate engagement.
Talk to a real engineer
Want a partner who knows what your examiner actually asks for?
Whether you're shoring up after a near-miss, prepping an FFIEC IT exam or NCUA Information Security Examination, or scoping a managed SOC for the institution — we can help.