A structured framework for measuring how much control you actually have over your digital infrastructure. Not marketing — methodology.
Example scores for typical deployment patterns. Your actual score depends on your specific infrastructure decisions.
Each category is independently scored and weighted based on organizational risk profile.
Legal jurisdiction of infrastructure provider, data residency, applicable law enforcement frameworks (CLOUD Act, FISA).
Physical location of data, encryption key ownership, data portability, backup jurisdiction, cross-border transfer mechanisms.
Ability to operate without external dependencies. Staff jurisdiction, supply chain control, maintenance autonomy.
Open source vs. proprietary components. License risk, source code access, ability to fork, community governance model.
Hardware origin, firmware control, OEM dependency, ability to substitute vendors. Single points of failure in the procurement chain.
Cost predictability, egress fees, license escalation clauses, contract exit terms, total cost of switching.
NIS2, GDPR, DORA alignment. Audit readiness, incident reporting capability, third-party oversight mechanisms.
Identity provider jurisdiction, authentication independence, privilege escalation paths, break-glass procedures.
Data export capability, API compatibility, migration tooling, contractual exit terms, documented runbooks for provider switch.
Each of the 9 categories contains 5-10 individual controls. Each control is scored 0-100. Category scores are weighted based on your organization's risk profile — a government entity weights jurisdictional control higher than a startup.
The assessment produces a composite score (0-100) plus per-category breakdowns. Each control includes specific remediation steps with estimated effort and impact. You get a prioritized roadmap, not just a number.