DOCUMENTATION

Welcome to SecureGap Docs

Everything you need to get started, run assessments, understand your results, and get the most out of the platform.

Getting Started

What is SecureGap?

SecureGap is an AI-powered security assessment platform that helps mid-market organizations identify gaps across eight security layers and generate prioritized remediation roadmaps — without sitting through a six-week consulting engagement.

full overview of the product, the engine, and who SecureGap is built for.
Last updated: April 2026
Getting Started

How to create your account

Sign up takes about two minutes: an email, an organization profile, and you're in. This guide walks through each step and explains what each field is used for downstream.

signup walkthrough, organization profile setup, inviting teammates.
Last updated: April 2026
Getting Started

Running your first assessment

Pick an assessment type, answer context-aware questions, and watch the gap engine generate findings layer by layer. Most teams finish their first run in under an hour.

choosing assessment type, what to expect during the flow, tips for clean answers.
Last updated: April 2026
Getting Started

Understanding your results

Your results come in three views — the risk map, the findings list, and the remediation roadmap. Each one answers a different question; this guide explains when to use which.

risk map walkthrough, findings semantics, roadmap structure.
Last updated: April 2026
Assessments

Security Layer Assessment

The flagship assessment. Covers all eight layers with adaptive questioning that branches based on your environment profile and previous answers.

full breakdown of the SLA flow, question types, and output.
Last updated: April 2026
Assessments

Vendor Evaluation

A focused assessment for evaluating third-party vendors. Same engine, scoped to vendor-specific risk surfaces.

vendor evaluation scope, what's measured, how scores are calculated.
Last updated: April 2026
Assessments

Quick Scan

A 10-minute snapshot for teams that want a fast read on where they stand before committing to a full assessment.

quick scan flow, what's covered, when to upgrade to a full SLA.
Last updated: April 2026
The 8 Layers · L1

L1 · Perimeter & Network

The outermost layer — firewalls, network segmentation, ingress/egress controls, and the structural decisions that decide what touches your environment in the first place.

what L1 measures, common gaps, and how findings are structured.
Last updated: April 2026
The 8 Layers · L2

L2 · Identity & Access

Who can do what, with what credentials, under what conditions. Identity is where most real-world breaches start; this layer treats it that way.

identity controls, MFA posture, privilege boundaries.
Last updated: April 2026
The 8 Layers · L3

L3 · Endpoint Protection

Devices are where work happens — and where most malware lands. This layer covers EDR, hardening baselines, patching cadence, and BYOD posture.

endpoint controls, what coverage looks like, common shortfalls.
Last updated: April 2026
The 8 Layers · L4

L4 · Application Security

The code you ship and the dependencies you pull in. SAST, DAST, SBOM hygiene, and secret scanning all live here.

appsec controls, dependency posture, secret hygiene.
Last updated: April 2026
The 8 Layers · L5

L5 · Data Security

Where sensitive data lives, who touches it, and what happens to it at rest, in transit, and in use. Classification, encryption, DLP, and lifecycle.

data classification, encryption coverage, DLP boundaries.
Last updated: April 2026
The 8 Layers · L6

L6 · Cloud & Infrastructure

IAM in the cloud, configuration drift, exposed buckets, IaC posture, and the shared-responsibility lines that decide what's actually yours to fix.

cloud posture controls, common misconfigurations, IaC hygiene.
Last updated: April 2026
The 8 Layers · L7

L7 · Detection & Response

Telemetry coverage, alert quality, runbook readiness, and the difference between having a SIEM and being able to use one in a real incident.

detection posture, response readiness, telemetry gaps.
Last updated: April 2026
The 8 Layers · L8

L8 · Governance & Human Risk

Policy maturity, training cadence, role clarity, and the human side of security — usually the layer with the highest leverage and the lowest investment.

governance posture, training, role clarity, human risk signals.
Last updated: April 2026
Risk Map

Reading your risk map

The risk map is a heatmap of all eight layers crossed with severity. This guide explains what each cell means and how to read the patterns that show up most often.

anatomy of the risk map, common patterns, how to drill into a cell.
Last updated: April 2026
Risk Map

Severity levels explained

Critical, High, Medium, Low — and why SecureGap weights them the way it does. Severity isn't just impact; it's impact crossed with likelihood and dependency.

severity definitions, scoring methodology, edge cases.
Last updated: April 2026
Remediation Roadmap

How the roadmap is generated

Findings get grouped into initiatives, ordered by dependency, and slotted into phases. Here's the logic the planner uses to decide what comes first.

planner logic, phase boundaries, initiative grouping.
Last updated: April 2026
Remediation Roadmap

Managing initiatives

An initiative bundles related findings into a single piece of work. This guide covers editing, splitting, merging, and assigning owners.

initiative editing, splitting/merging, ownership.
Last updated: April 2026
Remediation Roadmap

Linking to projects

Push initiatives out to your tracker so the work happens where work already lives. Native links for Linear, Jira, GitHub Projects, and Asana.

integration setup, sync behavior, linking semantics.
Last updated: April 2026
Account & Billing

Managing your account

Profile, organization details, security settings, and notification preferences — all in one place.

account settings walkthrough.
Last updated: April 2026
Account & Billing

Team members & seats

Inviting people, assigning roles, and understanding how seats are counted across your subscription.

invitations, role matrix, seat accounting.
Last updated: April 2026
Account & Billing

Subscription & billing

Plans, billing cadence, invoices, payment methods, and how mid-cycle changes are handled.

plan structure, billing cadence, mid-cycle changes.
Last updated: April 2026
Account & Billing

Cancellation & data deletion

How to cancel, what happens to your data, the 30-day retention window, and how to request immediate deletion.

cancellation flow, data lifecycle, deletion requests.
Last updated: April 2026
FAQ

Frequently asked questions

Short answers to the questions we get most often — about pricing, data, the engine, and the trial.

FAQ entries, pricing, data, engine internals, trial.
Last updated: April 2026
Still have questions?

Email a real person.

We answer within one business day. No ticket queue, no auto-responder.