Freecloud Service
Security Baseline Review
A practical way to find out what is solid, what is weak, and what needs attention before it turns into a problem.
Most small businesses don’t need a full-blown security program on day one.
They do need a clear view of whether the basics are actually under control.
That is what this review is for.
The Freecloud Security Baseline Review gives you a structured, plain-English view of where your current setup stands across the areas that tend to cause trouble later: access, patching, monitoring, backups, and operational ownership.
No drama. No bloated paperwork. No box-ticking for the sake of it.
What it helps you answer
- Are the basics actually in place?
- Are there obvious gaps hiding in plain sight?
- Would your current setup stand up to customer scrutiny?
- Are you relying on luck in areas like backups, patching, or access control?
- What should you fix first?
What the review covers
- Identity and access
- Patch and vulnerability management
- Logging and monitoring
- Backup and recovery
- Operational governance
Each area is reviewed against a practical baseline, scored, and weighted so the more serious gaps stand out properly.
What you get
You come away with a much clearer view of where you stand and what needs attention first.
- 35-point structured review
A practical assessment across the areas that usually cause trouble later. - Weighted scoring across five areas
So the serious gaps stand out properly instead of getting lost in the detail. - Top risks called out clearly
No guesswork. No burying the important stuff halfway down page four. - Short written report in plain English
A report you can actually read, use, and share internally. - Walkthrough of findings and next steps
A chance to talk through what matters, what can wait, and what to do next.
The aim is simple: give you something practical enough to act on, without drowning you in theory or paperwork.
Common things this review uncovers
- MFA in some places, but not all the places that matter
- Patching that depends too much on memory and good intentions
- Vulnerability scanning that only covers internet-facing assets
- Logs that exist, but are never really reviewed
- Backups that have never been properly restore-tested
- No clear ownership when something goes wrong
Who it is for
This works best for SMBs, cloud-first teams, and growing businesses that want a clearer grip on their current position.
It is a good fit if you are:
- running in AWS or another cloud platform
- being asked more security questions by customers
- thinking about Cyber Essentials or ISO27001 readiness
- growing faster than your internal controls have kept up
- not entirely convinced your setup would stand up to proper scrutiny
What it is not
- Not a certification service
- Not a formal ISO27001 audit
- Not a penetration test
- Not a vague “health check” that leads nowhere
How it works
- Short kickoff call to understand the environment and scope
- Evidence gathering through screenshots, configs, and process walkthroughs
- Structured review against the Freecloud baseline model
- Report, prioritised findings, and walkthrough session
It stays focused and grounded. No inflated scope. No theatrical scare tactics. Just a straight view of where things stand.
What happens afterwards
Some businesses use the report internally and work through the actions themselves. Others want help sorting the gaps out properly.
That follow-on work can include:
- access control and MFA improvements
- patching and vulnerability process design
- logging and monitoring improvements
- backup and recovery testing
- security governance and readiness support
Pricing
The Security Baseline Review is a fixed-scope piece of work.
Typical price: £1,500 to £2,000
The exact price depends on scope, complexity, and the size of the environment. Any follow-on remediation work is scoped separately.
Not sure where you stand?
If you have a nagging feeling that the basics might not be as solid as they should be, that is usually the right time to check.