Is Your Organisation Ready for Activitee?

Answer 12 questions about your environment. We'll tell you exactly what to prepare, which modules to start with, and how to get value in 30 days.

Product Fitment Assessment

Before you connect Activitee to your environment, we need to understand what you have today. This takes about 3 minutes and gives you a personalised adoption roadmap.

Work Email *

Full Name

Company

Your Role

Your information is used only to personalise your adoption plan. We don't share it.

Phase 1: Identity Environment

1 of 12

What is your primary identity provider?

This determines which connector we configure first and what access data Activitee can ingest automatically.

Microsoft Entra ID (Azure AD)

SSO, Conditional Access, Directory Sync

On-Premises Active Directory

Domain-joined, LDAP, Group Policy

Okta / Auth0

Cloud-native identity, Universal Directory

Google Workspace Identity

Google Admin, Cloud Identity

Ping Identity / ForgeRock / Other

Enterprise IdP not listed above

No centralised identity provider

Local accounts, spreadsheets, or ad-hoc access

What is your current MFA enforcement status?

MFA coverage is the single most impactful control. Activitee's compliance engine monitors this daily — we need to know your starting point.

100% enforced — all users, all apps

Conditional Access or equivalent policy enforces MFA everywhere

Partial — admins and some users

MFA enabled but not enforced for all users or all applications

Admins only

Only privileged accounts have MFA; standard users don't

No MFA deployed

Password-only authentication across the board

How do you currently review who has access to what?

Access reviews are required by SOC 2, ISO 27001, CPS 234, and DORA. This tells us whether to start with basic visibility or advanced certification campaigns.

Automated periodic reviews with approval workflow

Formal access review process with documented approvals and revocations

Manual — spreadsheet exports, manager review

Quarterly or annual review via spreadsheet exports, manager sign-off

Ad-hoc — only when auditor asks

No scheduled reviews; done on-demand for compliance evidence

No access reviews conducted

Don't currently review who has access to what systems

Which compliance frameworks do you need? (Select all that apply)

This determines which assessment playbooks, control libraries, and evidence templates we activate for your organisation.

SOC 2

ISO 27001

IRAP / ISM

Essential Eight

CPS 234

GDPR

ISO 42001

DORA

NIS2

Cyber Essentials

India DPDP

Not sure yet

How do you currently manage compliance evidence and assessments?

If you're migrating from another tool, we can import existing evidence. If starting fresh, we'll prioritise the evidence vault setup.

GRC platform (Vanta, Drata, Sprinto, Archer, ServiceNow)

Existing compliance automation or GRC tool

Spreadsheets + shared drives

Google Sheets, Excel trackers, SharePoint folders

External consultant manages it

Big 4 or boutique consulting firm handles compliance

No formal compliance programme

Starting from scratch — no evidence, no assessments, no documentation

Which cloud platforms and major SaaS tools do you use?

These are the systems Activitee's monitoring engine will check for drift, misconfigurations, and access anomalies.

AWS

Microsoft Azure

Google Cloud

Microsoft 365

Salesforce

GitHub / GitLab

Slack / Teams

Primarily on-premises

How many employees / members need to be governed?

This determines your plan tier and how we configure the member import — bulk CSV, API sync, or connector auto-discovery.

Under 100

Small team — manual member management works

100 - 500

Medium org — connector-based auto-import recommended

500 - 5,000

Large org — full IAM integration essential

5,000+

Enterprise — multi-tenant, delegated admin, SCIM provisioning

Do you have service accounts, API keys, or bot/agent identities to manage?

Non-human identities are the fastest growing attack surface. This tells us whether to activate Agent Governance from day one.

Yes — significant (20+ service accounts, AI agents, bots)

Multiple automated systems with standing access to production

Some — a handful of service accounts and API keys

5-20 non-human identities, mostly well-known

Minimal — a few API keys, no formal tracking

Under 5 service accounts, no AI agents

Don't know

No visibility into non-human identities — this itself is a finding

Do you process personal data that requires privacy governance?

If yes, we activate Privacy Management: consent records, DSAR workflows, breach notification, and cross-border transfer tracking.

Yes — large volumes of customer PII, health data, or financial data

Subject to GDPR, Privacy Act, DPDP, or HIPAA

Moderate — employee data + some customer data

HR records, customer emails, billing information

Minimal — mostly B2B, limited personal data

Business contact information only

What security documentation do you already have?

Existing policies can be uploaded to the Evidence Vault immediately. Gaps will be highlighted for AI-assisted generation.

Comprehensive — policies, procedures, risk register, BCP/DR

10+ security documents, reviewed within the last 12 months

Partial — some policies but gaps exist

3-5 documents, some outdated or incomplete

Basic — maybe an InfoSec policy and AUP

1-2 documents, high-level only

None — no formal security documentation

Starting completely fresh

What's driving your compliance timeline?

Urgency shapes the adoption plan. A customer contract deadline means we prioritise certification readiness; a board mandate means governance first.

Urgent — contract, tender, or regulatory deadline within 3 months

Must demonstrate compliance quickly

Planned — 3-6 month roadmap

Board-approved initiative with a timeline

Proactive — building ahead of need

No immediate deadline, but want to be prepared

Exploring — evaluating options

Researching tools, not committed to a timeline yet

What is your single biggest security or compliance pain point today?

Your first 30 days in Activitee should solve your biggest problem. This ensures we start with the module that delivers the most value.

No visibility into who has access to what

Can't answer "show me all admins" or "who can access production?"

Can't produce compliance evidence quickly

Auditor asks for evidence and it takes days/weeks to gather

Managing multiple frameworks with overlapping controls

Doing the same work three times for SOC 2, ISO 27001, and GDPR

Compliance posture degrades between audits

Pass the audit, then things drift until next time

AI/agent governance — shadow AI, unmanaged bots

AI systems running without oversight, credentials, or access reviews

Don't know where to start

Overwhelmed by requirements, need a structured plan