Home / Services / Sample Report

Monthly security report

Your security report. Produced and delivered every month.

20 controls checked. Scored out of 215. Every finding explained in plain English, with clear priorities and actions. Written for the person running the business, not just the person running IT.

Sample report — Example Ltd · March 2026 · This is example data, not a real client

0 out of 215

Above average — typical first-time score is around 95

Client
Example Ltd
Period
March 2026
Users
12
Devices
14
Trend
↑ 12 pts
46 /50
Identity & Access
55 /55
Email Security
45 /55
Data Governance
36 /55
Device Management
Identity & Access 46 / 50
MFA enforced — 12/12 users compliant
10 / 10
Password policy — strong, 90-day expiry
10 / 10
Admin roles — 1 super admin (correct)
10 / 10
0 inactive accounts (>90 days)
10 / 10
Less secure app access — 2 users have legacy app exceptions
6 / 10
Email Security 55 / 55
SPF — hard fail (-all) configured correctly
11 / 11
DKIM — google selector verified and passing
11 / 11
DMARC — reject policy, aggregate reports active
11 / 11
No suspicious forwarding rules detected
11 / 11
Gmail safety settings — enhanced pre-delivery scanning on
11 / 11
Data Governance 45 / 55
External sharing — restricted to domain allowlist
11 / 11
Shared Drive permissions — correctly scoped
11 / 11
Google Groups — 1 group allows external posting
6 / 11
Marketplace apps — 3 approved, no unrestricted access
11 / 11
Data regions — not configured (recommended for regulated clients)
6 / 11
Device Management 36 / 55
Mobile Device Management — enabled and enforced
11 / 11
Endpoint protection — deployed on 12/14 devices
11 / 11
OS patch compliance — 1 MacBook pending macOS 15.3.1
6 / 11
Screen lock — 2 mobile devices have no PIN requirement
2 / 11
Remote wipe — confirmed for managed devices only (2 BYOD unmanaged)
6 / 11

Recommended actions this month

High

Enforce screen lock PIN on 2 mobile devices. These devices can access company email and files without a lock screen.

↳ GetBulwark pushes this policy remotely. No action required from users.
Med

Revoke less secure app access for 2 users. Legacy apps are using basic authentication. GetBulwark will contact both users to migrate to OAuth-compatible alternatives.

Med

Restrict external posting on the "general" Google Group. Currently anyone outside the company can send email to this group address.

Page 01

Score and summary

The first page gives the overall score, category scores, and the short version of the month: what improved, what still needs work, and whether the environment is moving in the right direction.

Page 02

Finding-by-finding detail

Every control is listed individually with a pass, warning, or fail result. Nothing gets hidden behind “generally good” language. You can see exactly what is live and what is not.

Page 03-04

Actions and evidence trail

The report ends with what changed, what is scheduled next, and what evidence now exists. That is what makes the service defensible rather than just reassuring.

Before Hardening
97 / 215
  • !MFA partly enforced, not universal
  • !DMARC present but not at reject
  • !No backup outside Google
  • !No clear score the buyer could rely on
After Hardening
164 / 215
  • MFA enforced on every account
  • DMARC at reject with reporting live
  • Daily backup outside Google configured
  • Monthly reporting starts from a clean baseline
What It Proves

The work is actually happening

A monthly report means the client does not have to guess whether the environment is still being checked. There is a dated record of what was reviewed and what changed.

What It Proves

The standard is staying fixed

The point is not a one-off cleanup. The report shows whether MFA stayed enforced, whether DMARC stayed correct, whether device coverage drifted, and whether new gaps appeared.

What It Proves

The buyer has something concrete

This is the document a founder, ops lead, client, insurer, or advisor can actually read. It replaces “I think our IT company handles that” with something specific and current.

Every GetBulwark client receives this report as a 4-page PDF on the 1st of each month. 20 checks across 4 categories, scored out of 215 — every finding explained in plain English, with clear priorities for what to address first.

If nobody has checked your Workspace properly, start there.

The first audit is free. 45 minutes, 20 controls reviewed, written report within 48 hours. Yours to keep whether you work with GetBulwark or not.

Book your free audit See the monthly review See what month one looks like