Maturity Scorecard (Template)
Scale: 1 = ad hoc, 2 = basic, 3 = managed, 4 = measured, 5 = optimized
| Domain | Score (1–5) | What we observed | What “3” looks like |
|---|---|---|---|
| Identity & Access | MFA enforced, admin roles minimal, shared accounts eliminated | ||
| Email & Collaboration | Baseline phishing protections, external forwarding controlled | ||
| Endpoints | Inventory + patch cadence + encryption + EDR visibility | ||
| Backups & Restore | Coverage known, restore tested, ransomware protections | ||
| Ops Resilience | Incident roles, vendor escalation, runbooks, periodic drills |