Gordon runs Comprehensive Security Checks — automated assessment across all key security domains: Identity & Access, Endpoint Security, Network Security, Data Protection, Incident Response, Backup & Recovery, Cloud Security, and Security Awareness. Each check is scored and benchmarked against industry standards.
Every check is mapped to NIST CSF, ISO 27001, CIS Controls, and Indian regulatory frameworks (RBI IT, SEBI, IRDAI, DPDP Act). See exactly which framework controls you pass, fail, or partially meet — with evidence for auditors.
Failed checks are ranked by risk impact and remediation effort — so you always know what to fix first. Each remediation item includes step-by-step instructions, estimated effort in hours, and the risk reduction value of fixing it.
Gordon re-runs the assessment automatically every 30 days — tracking your security score over time, alerting you when scores drop, and showing the improvement trend as you remediate issues. Your security posture is never stale.
Generate board-ready security posture reports and audit-ready evidence packs in one click. Reports include your overall security score, domain-by-domain breakdown, trend over time, and comparison against industry peers in your sector.
See how your security score compares to other organisations in your industry, revenue band, and geography. Understand whether you are above or below the median for your sector — and what the top-quartile organisations do differently.
Gordon integrates with your Microsoft 365, Google Workspace, AWS, Azure, and GCP environments via read-only API connections. No agents to install, no firewall changes required. Setup takes under 30 minutes.
Gordon automatically runs all 60 checks against your connected environment — checking MFA status, patch levels, backup configurations, encryption settings, access controls, and more. No manual questionnaires to fill in.
Results are scored on a 0–100 scale across 8 domains. Your overall security score is benchmarked against industry peers, regulatory requirements, and best practice frameworks. You receive a full report within 24 hours of connecting.
Work through the prioritised remediation roadmap. Gordon automatically detects when you fix an issue and updates your score in real time. Track your security improvement journey with month-over-month trend charts.
A payment gateway company had an RBI IT framework audit in 90 days. Their CISO had no clear picture of their current compliance posture and was worried about failing the audit.
Gordon's assessment revealed 23 gaps against RBI IT framework requirements. The prioritised remediation roadmap helped them fix all critical gaps in 60 days. They passed the RBI audit on their first attempt with no major observations.
A ₹800Cr manufacturing company had never formally assessed their security posture. After a competitor suffered a ransomware attack, their board demanded a security report within 30 days.
Initial score: 34/100. Gordon identified 31 gaps, with MFA and patch management as the top priorities. After 6 months of working through the remediation roadmap, their score reached 78/100 — above the industry median of 62.
A healthcare technology company needed ISO 27001 certification to win enterprise contracts. They had no idea how far they were from certification requirements or how long it would take.
Gordon's ISO 27001 gap assessment identified 47 control gaps. The prioritised roadmap helped them achieve certification in 8 months — 4 months faster than the industry average. The certification helped them close 3 enterprise deals worth ₹12Cr.
Choose the plan that fits your team. Security Checklist features are highlighted below — scroll down to see the full platform included in every plan.
| Features | Free | Startup | Enterprise | Custom |
|---|---|---|---|---|
| ▶Overview(3 features) | ||||
| Gordon AI Credits (monthly) | 50 credits | 500 credits | 2,500 credits | Custom allocation |
| Dashboard | ✓ | ✓ | ✓ | ✓ |
| Account (User) Limit | 1 account | Up to 5 | Up to 20 | Unlimited |
| ▶Assess(7 features) | ||||
| Security Checklist (60-point) | Strong & Standard only | Dynamic + Analytics | Dynamic Checklist | ✓ |
| VAPT (Vulnerability Assessment) | — | — | 5 API + 10 Dynamic Pages | Custom |
| Third Party Risk | — | — | 3 vendors | Unlimited |
| Financial Impact — Risk Quantification | — | — | ✓ | ✓ |
| Financial Impact — Security ROI | — | — | ✓ | ✓ |
| Security Awareness (Phishing Sim + Training) | 5 Campaigns | 10 Campaigns | ✓ | ✓ |
| Cyber Force | — | — | On Demand | On Demand |
All other platform modules included | ||||
| ▶Identify(8 features)Other modules | ||||
| Monitored Domains | 1 | 5 | 20 | Unlimited |
| Monitored IPs | 5 | 50 | 500 | Unlimited |
| Monitored Web Apps | 1 | 5 | 20 | Unlimited |
| Tech & Services | ✓ | ✓ | ✓ | ✓ |
| Phishing Risk (Lookalike Domain + Email Security) | — | ✓ | ✓ | ✓ |
| Code Workspace (GitHub, GitLab, Bitbucket) | — | — | 2 Workspaces | Custom |
| Cloud Security Compliance | — | — | Single Cloud (3 instances) | Multi Cloud (10+) |
| Workforce Risk Monitoring | — | ✓ | ✓ | ✓ |
| ▶Monitor (SOC & Threat)(10 features)Other modules | ||||
| SOC Overview | — | — | 5 SOC Reports | ✓ |
| Alert Triage | — | — | 5,000 alerts/mo | Unlimited |
| Investigation | — | 50 investigations | Unlimited | ✓ |
| Threat Hunting | — | 1 exercise | Custom | Custom |
| Auto Response | — | — | ✓ | ✓ |
| Risk Monitoring | — | 5 Category dashboards | ✓ | ✓ |
| Threat Intelligence (Threats, IOCs, Campaigns) | — | 10 threats, 5 IOCs, 2 campaigns | Unlimited | Custom |
| Alert Center | — | ✓ | ✓ | ✓ |
| Brand Intelligence (Monitoring + Takedown) | 50 notifications | 1 Company monitoring | Full + Takedown | Full + Custom feeds |
| Dark Web Monitoring | Credential & Org Leaks | Industry + APT + Recent leaks | ✓ | ✓ |
| ▶Risk Transfer(2 features)Other modules | ||||
| Cyber Insurance | — | ✓ | ✓ | ✓ |
| Incident Hotline (24/7) | — | — | ✓ | ✓ |
| ▶Compliance (GRC)(2 features)Other modules | ||||
| GRC Module | 1 Policy creation | 1 framework | 3 frameworks | All + Custom |
| Unlimited Policy Generation | — | ✓ | ✓ | ✓ |
| ▶Extras & Integrations(3 features)Other modules | ||||
| Integrations | ✓ | 3 active | 15 active | All 26+ & Custom API |
| Marketplace | ✓ | ✓ | ✓ | ✓ |
| Credit Add-on Packs | — | ✓ | ✓ | ✓ |
| ▶Support & SLA(4 features)Other modules | ||||
| Support Channel | Docs only | Email (48h SLA) | Hotline + CSM (8h SLA) | 24/7 Engineer (1h SLA) |
| Dedicated Security Engineer | — | — | — | ✓ |
| White-label / MSSP | — | — | — | ✓ |
| API Access | — | — | — | ✓ |
All plans include a 15-day free trial — no credit card required.
Run a free 60-point security assessment and get your score, gap analysis, and prioritised remediation roadmap — no agents, no consultants, no waiting weeks for results.
