Optimised Cyber Risk Assessments
From scoping to sign-off, without the spreadsheet sprawl.
Speculo walks your team through a structured, seven-stage assessment workflow that captures the right information at every step. Configurable risk scoring, built-in evidence collection, and parallel assessments across business units, all in one platform.
STRUCTURED WORKFLOW
Seven stages. Every assessment, done right.
Introduction, Data, Scope, Risks, Controls, Remediation, and Sign-Off. Each stage captures the right information at the right time, so nothing falls through the cracks and nothing is left to interpretation. You can run multiple assessments in parallel, track progress across business units, and generate reports at any point in the process.
- Three assessment levels: Compliance Focus, Maturity Assessment, and Audit Optimisation. Match the depth of the assessment to its purpose, with directional upgrade between levels.
- Fully permission-based: each person in the workflow only has access to the areas relevant to their role, so access is scoped to the job, not the platform.
- Digital sign-off, recertification tracking, and automatic renewal reminders keep assessments current without manual follow-up.
- Progress visible at every stage, across every business unit, with report generation available before the assessment closes.
RISK SCORING
A risk matrix that shows the impact of every control.
Speculo's risk scoring uses a configurable likelihood-by-impact matrix with colour-coded heatmaps. Before you commit to evidencing or actioning a control, you can see its relative strength in reducing risk, so effort goes to the controls that matter most. Three assessment levels let you match the depth of the scoring to the purpose of the assessment.
- Configurable likelihood-by-impact matrix with colour-coded heatmaps and current-versus-target visibility across your risk register.
- Understand the relative risk reduction each control offers before deciding whether to evidence or action it, so your team's effort is focused where it counts.
- An intelligent risk matrix that guides you to consistent entries, preventing scoring errors that would undermine your results.
CONTROLS AND EVIDENCE
Controls assessed once. Evidence collected once.
The controls stage links your control assessments directly to the risks they address. Controls can be measured against a standard effectiveness scale or against maturity levels, so the assessment matches how your organisation actually runs its security programme. Evidence is tracked per-control with approval status and usage counts, and approvers can review individually or in batch.
- Two ways to assess controls: an effectiveness rating (Effective, Partially Effective, or Ineffective) for a clear compliance signal, or a maturity level rating that gives deeper insight when you are building a structured cyber security programme.
- Evidence re-use across controls and assessments eliminates duplicate collection and keeps your evidence register lean.
- Batch evidence approval for efficiency when reviewing large evidence sets, with per-item approve/reject and comments for detailed review.
See the assessment workflow in action.
Book a 30-minute walkthrough. No pitch deck, no procurement process. Just a clear look at whether the platform fits.