📊 CGAP

Cyber Governance Assurance Platform

Telemetry-backed governance scoring and portfolio monitoring built for private equity firms and portfolio company leadership. Stop guessing at your security posture — measure it.

🔧 Active Development | Python / FastAPI | PE-Focused | API-First

❌ The Problem

  • PE firms can't see governance risk across portfolio companies
  • Generic compliance scores don't reflect actual security posture
  • Audit prep consumes weeks of engineering time per company
  • No consistent measurement across companies in different industries
  • Remediation guidance is generic, not prioritized by impact
  • Scoring changes are invisible — no audit trail

✅ Our Solution

  • Ingest real telemetry from your existing security tooling
  • Explainable scores with full data lineage — no black boxes
  • Portfolio roll-up: one pane of glass across all companies
  • Framework-aware scoring across 7 governance pillars
  • Remediation ranked by impact-to-cost ratio
  • Snapshot versioning for auditable scoring history

The Scoring System

CGAP produces three primary scores and two portfolio-level aggregates — all derived from your real telemetry data, not self-assessments.

  • GMI (Governance Maturity Index): How mature are your security processes and controls? Scored across all 7 governance pillars.
  • GPI (Governance Performance Index): Are your controls actually performing? Measures effectiveness of deployed tooling against active threats.
  • GES (Governance Effectiveness Score): Composite measure of maturity + performance. The single number your board actually needs to see.
  • REI (Regulatory Exposure Index): Real-time gap analysis across 7 compliance frameworks: FedRAMP, CMMC, SOC 2, HIPAA, PCI DSS, ISO 27001, NIST CSF.
  • PGI (Portfolio Governance Index): PE-level roll-up: risk distribution, benchmarking, and outlier detection across all portfolio companies.

Key Capabilities

🔌

Deep Integrations

Native connectors to the tooling you already own — no new agents or proprietary sensors required.

Azure AD / Entra ID, AWS Security Hub, GCP SCC, Microsoft Defender, Okta, CrowdStrike, Jira, ServiceNow

🧠

AI-Powered Remediation

Claude AI generates context-aware remediation recommendations ranked by impact-to-cost ratio — not generic best-practice lists.

🏢

Portfolio Roll-Up

Purpose-built for PE firms. Normalize scores across companies in different industries, sizes, and maturity levels. Identify outliers before they become incidents.

📋

Auditable History

Every score is versioned and timestamped. Full data lineage from raw telemetry to final score. Demonstrate governance improvement over time to investors and auditors.

API-First Architecture

Built headless from day one. Integrate CGAP scores into your existing GRC tooling, dashboards, or reporting pipelines via REST API.

🛡️

7 Governance Pillars

Identity & Access Management, Threat Detection, Vulnerability Management, Data Protection, Incident Response, Cloud Security, and Supply Chain Risk.

Stop Guessing. Start Measuring.

CGAP is in active development. We're working with a select group of PE firms and portfolio companies in early access. If governance visibility across your portfolio is a problem you need solved, let's talk.
