Fixed scope, standard deliverables. Bring one agent workflow; leave with reproducible, framework-mapped findings you can take into a release review.
Fixed scope, standard deliverables. Leave with reproducible, framework-mapped findings you can take into a release review.
We confirm the workflow, the boundaries that matter, and how you’ll judge success.
We turn the agreed scope into a scenario against an approved sandbox or endpoint — synthetic data, canary markers, production untouched.
The clock starts once scope, test-environment readiness, and required access are confirmed at kickoff. Reproducible, confidence-labeled findings mapped to the standards and regimes your teams use, with remediation ownership — ready for a release or governance review.
No. Fisher runs against an approved sandbox, simulated environment, or approved endpoint with synthetic data and canary markers. We do not request production access, employee or customer credentials, or real customer records.
At kickoff — once scope is confirmed, the approved test environment is ready, and required access is available. Not when you submit this form.
An executive findings memo (~2 pages), a technical findings report with reproduction steps, a risk-severity matrix in your own vocabulary, and a reproducible evidence package designed for audit and governance review.
No. Findings can be mapped to the standards, frameworks, threat taxonomies, and regulatory regimes your teams use. Mapping is contextual and supports internal analysis — it is not certification, legal advice, or a determination of compliance. The release decision remains yours; our evidence informs it.
The Assessment runs on the Fisher platform. The same attack → prove → remediate → re-test loop can then extend across future material releases.
Results are delivered to your authorized team and handled according to the agreed engagement and data-handling terms.