← All packagesStart here

Platform Health Check

An honest second opinion on your IAM platform.

A two-week diagnostic that produces a remediation roadmap for your existing IAM platform deployment. Practitioner-led, vendor-neutral, no upsell motive.

2-4 weeks

Schedule a 30-minute scoping call
The problem

When you inherited a platform you are not sure you can trust

Maybe new leadership inherited an IAM deployment from someone who left. Maybe an audit committee is asking for an attestation you cannot confidently give. Maybe you suspect the platform that is supposedly working is quietly accumulating risk.

You do not have the bench capacity for a full self-assessment, and you want a read from someone who has implemented this platform at your scale, with no motive to sell you more of it.

What is included

What we assess

Configuration

Policies, rules, workflows, connectors, role definitions, certifications, integration points.

Operating model

Ticket patterns, request fulfillment, exception handling, certification cadence, ownership.

Data quality

Attribute completeness, account reconciliation, orphaned and dormant accounts, role drift.

Control posture

Segregation of duties, privileged access, MFA coverage, access review effectiveness, audit logging.

Deliverables

What you receive

  1. Current-state assessment
  2. Prioritized remediation roadmap with effort estimates
  3. Control gap analysis against SOX, ISO 27001, and NIST 800-53
  4. Platform health score with rationale
  5. Findings register
  6. 60-minute executive readout for your leadership
Timeline

Four weeks, start to readout

Week 01

Kickoff and configuration review

Stakeholder interviews, configuration walkthrough, evidence collection.

Week 02

Operating model and data quality

Process review, account and role drift analysis, control coverage mapping.

Week 03

Synthesis

Draft deliverables, findings register, health score model, gap analysis.

Week 04

Final deliverables and readout

Final remediation roadmap, executive readout, knowledge transfer.

Engagement sizing

Three tiers, sized to your environment

Tier 1Under 1,000 identities, 2 weeks
Tier 21,000 to 5,000 identities, 4 weeks
Tier 35,000 to 15,000 identities, 4 weeks

Investment is confirmed on your scoping call after we walk through your environment. Larger or multi-platform environments are handled as custom engagements.

Fit

Who this is for

Directors of IAM, VPs of Security, and CISOs at organizations of 500 to 5,000 employees, particularly in regulated industries. Most useful when new leadership has inherited a platform, an audit is approaching, or a recent industry breach has raised questions about your own posture.

Out of scope

What this is not

This is a diagnostic, not implementation. We identify what to fix and what it will take. We do not certify your platform, we do not run penetration tests, and we do not sell platform licenses. The remediation work, if you want our help with it, is a separate engagement.

Often paired with

Identity Lifecycle Automation

Joiner, mover, leaver: automated, audited, accountable.

RBAC/ABAC Implementation

Defensible access policy, deployed in six weeks.

Need something more comprehensive?

Not every identity program fits a package.

If your situation is larger, spans multiple platforms, or needs a custom roadmap, our advisory practice takes on bespoke engagements.

Explore our advisory services →
Worth a second opinion?

Worth a second opinion?

A 30-minute scoping call confirms fit and tier. No obligation.

Schedule a 30-minute scoping call