It is a real report
Not a mock-up. Not a template with fake data. A real scan of a real domain, with the actual findings, run on the date shown. The only thing removed is names.
This is my own security and compliance report -- run on my own business, published in full, with only customer names removed. Nothing glossy. Nothing hidden.
The single PDF an insurer, regulator, or enterprise procurement team asks for as proof of reasonable steps -- privacy policy, breach response plan, security scan results, third-party data list, email fraud protection, and the signed government security checklist. 17 pages. Same template every client receives -- applied to my own business first.
Source: titanos.tech/scan · Methodology
A plain-English report you can hand straight to your insurer or a big client as proof — here's exactly what it looks like.
Not a mock-up. Not a template with fake data. A real scan of a real domain, with the actual findings, run on the date shown. The only thing removed is names.
Most security consultants describe the deliverable in bullet points. I publish the actual document so there is no gap between what you expect and what you receive.
If I ask clients to get their privacy policy right, their email fraud protection set up, and their breach plan documented -- I should be able to show mine first.
This is a real security and compliance report run against my own website and business. It is the same format every client receives -- so you can see exactly what you are paying for before committing to anything.
The scan results, privacy policy, email security records, and signed checklists are all included. The sections that are built from your own data -- like your staff access list, your specific software screenshots, or your signed attestation -- are not in this sample, because those can only be written using your information. They are produced during the engagement.
Grouped into three categories so you can see at a glance what the report covers. Every section is plain English — no assumed technical knowledge.
A one-page overview of what was checked, what was found, what was fixed, and what is still on the list. Written so a bank, insurer, or government contact can understand the whole picture in under two minutes -- no technical knowledge needed.
A ready-to-publish privacy policy updated for Australia's new privacy laws (December 2026), plus a plain-English section explaining which AI tools the business uses, what decisions they make about customers, and how a customer can ask for those decisions to be reviewed.
A step-by-step action plan for a data breach -- who to call, what to do in the first 24 hours, what to say to affected customers, and how to meet Australia's legal notification deadline (30 days under the Notifiable Data Breaches law). Built so you are not making decisions under pressure.
A one-page list of every external tool or platform that handles your customer data -- what data they hold, what your agreement with them covers, and when you last reviewed their security. The kind of list a large client or insurer will ask for.
The full results of an independent external security scan -- every issue found, how serious it is, whether it has been fixed, and the evidence that the fix worked. Nothing hidden, nothing cherry-picked.
Proof that your email domain is locked down so nobody can send fake emails pretending to be your business -- a technique used in most phishing and invoice fraud attacks. Shows the three records (SPF, DKIM, DMARC) that block this, all verified and active.
A documented checklist of the security settings applied to your Microsoft 365 or Google Workspace -- things like who can access what, whether logins are logged, and whether two-factor authentication is required. Mapped to the Australian government's recommended security baseline.
Screenshots and written policy showing that two-factor authentication (the 'enter a code from your phone' login step) is switched on and enforced for everyone in the organisation -- not just switched on for some people, not just a policy on paper.
Documentation of what gets backed up, how often, where it is stored, and how quickly data can be restored if something is deleted, corrupted, or locked by ransomware. Answers the question every insurer eventually asks.
Proof that the operating systems, browsers, and applications in your business are kept up to date -- with evidence of the update schedule, not just a claim. Outdated software is the most common entry point for attackers.
A record of which staff can access which systems, how access is given to new staff, and how access is removed when someone leaves -- plus when this was last reviewed. Stops ex-employees and over-privileged accounts from becoming a problem.
A signed letter confirming which items from the Australian government's Essential Eight security checklist your business has completed -- the document an enterprise client, government agency, or insurer typically asks for before doing business with you.
A signed letter documenting the specific steps taken to comply with the Australian Privacy Act, with each step mapped to the relevant legal requirement. The document a lawyer, regulator, or large client asks to see.
If you have never seen a compliance report before, these are the things most people want to know first.
AU$5,997 one-time. Includes 3 months of Titanos Monitor at no extra charge (optional to continue at AU$149/mo after that -- no automatic billing). One working session together -- all 13 sections completed, written for your specific business, ready to hand to a client, insurer, or regulator.
ABN 34 318 502 254· Every document reviewed and signed off by Kyle Deligny personally · Terms