Posture Index · Your organisation
-
-
Posture across the six Functions
Higher is more mature. Data table below for screen readers.
Function sub-scores
Indicative annual financial exposure
how we estimate this
AED -
A calm, order-of-magnitude range from your posture and size - not a prediction, and not from your accounts.
Your five highest-impact actions
Ordered by the points they recover. Each names the control so your IT partner knows exactly what to do.
Optional - fuse with an ExposureX outside-in scan
Your questionnaire is the inside-out view. ExposureX is the outside-in view. The honest headline is the weakest link of the two - because attackers use whichever is weaker.
How H-Score is calculated - the full rubric
Answer scale (per question): 0 None · 1 Ad-hoc · 2 Defined · 3 Managed · 4 Automated.
Function score = weighted average of its questions, scaled to 0-100. High-impact questions (MFA, patching, tested backups) carry more weight.
Overall = weighted blend of the six Functions (Protect and Recover weighted higher by breach impact).
Floor rules (hard gates): no enforced MFA, or backups never restore-tested, cap the headline at Developing until fixed - with the exact control named.
Bands: 0-24 Exposed · 25-49 Developing · 50-74 Managed · 75-89 Resilient · 90-100 Optimised.
AED band is an order-of-magnitude estimate from posture and size - indicative only.
Next step
Turn this baseline into a plan.
H-Score shows you where you stand. A Hallatec baseline review validates it with evidence and sequences the fixes into a roadmap your leadership can sign off.
Self-declared posture index; reflects your answers; point-in-time. Not an audit or a scan. AED exposure is indicative and order-of-magnitude.