Sample Cyber Readiness Evidence Pack
Sample evidence summaries are structured reports that help you see what cyber control evidence you have, what’s missing, and what may need review before insurance renewal or client security review.
A typical Readiness AI evidence summary includes:
- Company Profile — Company name, industry, employee count, primary business systems and tools in use, current cyber insurance carrier (if any)
- Control Evidence Status — What evidence was found, what is missing, and what is partially confirmed for each relevant control area
- Blind Spots Identified — Areas where answers and evidence do not line up, or where documentation is incomplete
- Recommended Next Steps — Practical actions to prepare evidence before broker, insurer, or client review
- Notes for Review — Plain-English context to support internal, broker, or client conversations
Example Evidence Summary
| Control Area | Status | Evidence Found | Blind Spot | Recommended Next Step |
|---|---|---|---|---|
| MFA | Partial | Microsoft 365 MFA enabled | Not enforced for all administrators | Enforce conditional access for privileged accounts |
| Endpoint Protection | Configured | Defender active on most devices | Some devices may be unmanaged | Confirm device inventory and remove unused access |
| Backups | Needs Review | Backup vendor invoice available | No restore test evidence provided | Run and document a restore test |
| Email Authentication | Partial | SPF configured | DMARC policy is not enforced | Move DMARC toward quarantine after monitoring |
| Patch Posture | Missing Evidence | No recent endpoint patch export provided | Patch status cannot be proven | Export patch report from MDM, RMM, or endpoint tool |
| Access Control | Needs Review | User list available | Privileged accounts require review | Confirm admin roles and remove unnecessary access |
This is an illustrative sample only. Actual evidence depends on the customer’s systems, available records, authorized integrations, and onboarding scope.