"Is this just an assessment?"

"It's an assessment plus quick-win remediation plus a verified, evidenced baseline — in a fixed 90-day window. The deliverable is the artifact an insurer or auditor wants."

"Does it make us cyber-insurable?"

"It produces the documented baseline insurers typically ask for. It's also a clean starting point for NIS2 or ISO 27001 work."

"What happens after 90 days?"

"You get a forward roadmap. Roll the baseline into a managed mandate, or keep operating it yourself on a Nova9 licence."

"How is it different from Sentinel-360?"

"Sentinel-360 is continuous vulnerability scanning. Secure-90 is a time-boxed programme that uses scanning plus identity, config and gap work to produce a baseline."

Secure-90 — Security Suite

What this is about

Many Mittelstand companies can't answer a simple question: where do we actually stand on security? Secure-90 answers it in a defined window. It's not an open-ended consulting drip — it's a programme with a start, an end, and a documented baseline as the deliverable. The kind of artifact a cyber insurer or an auditor asks for, produced once, properly.

How we run it

Three phases over 90 days. Discover: inventory, scanning (Sentinel-360), identity and configuration review, gap analysis against ISO 27001 / NIS2. Remediate: the high-risk quick wins fixed or scheduled, with evidence captured as we go. Verify: a documented baseline — what was found, what was fixed, what remains, with a roadmap for the rest. The platform produces the evidence continuously, so the closing report is current, not reconstructed.

When it fits

Companies that need to become cyber-insurable or pass a first audit. Organisations starting their NIS2 or ISO 27001 journey that need a defensible starting point. Boards that want a clear, time-boxed answer to "are we exposed?".

What we don't do

We don't run an endless assessment. We don't hand you a gap list with no remediation. We don't assert a posture — we evidence it, and the baseline is exportable and yours.

Concrete Deliverables

What you can hand off

Discovery & gap analysis

Inventory, scanning, identity and config review, gap analysis against ISO 27001 / NIS2.
Quick-win remediation

High-risk findings fixed or scheduled within the window, evidence captured as we go.
Verified baseline document

What was found, fixed and remains — evidenced, exportable, insurer/auditor-ready.
Forward roadmap

A prioritised plan for what's beyond the 90 days, ready to fund.
Handover to operations or self-service

Roll the baseline into a managed mandate or keep it on your own Nova9 licence.

Product facts

Date: 2026-05-27 · Source: dynexo Operations
Timeline	90 days · fixed scope
Phases	Discover → Remediate → Verify
Frameworks	ISO 27001, NIS2 readiness
Deliverable	Evidenced baseline + forward roadmap
Use	Cyber insurability, first audit, board assurance
Deployment	EU cloud or on-prem

Asked often

Asked before the briefing

Is this just an assessment?

It's an assessment plus quick-win remediation plus a verified, evidenced baseline — in a fixed 90-day window. The deliverable is the artifact an insurer or auditor wants.
Does it make us cyber-insurable?

It produces the documented baseline insurers typically ask for. It's also a clean starting point for NIS2 or ISO 27001 work.
What happens after 90 days?

You get a forward roadmap. Roll the baseline into a managed mandate, or keep operating it yourself on a Nova9 licence.
How is it different from Sentinel-360?

Sentinel-360 is continuous vulnerability scanning. Secure-90 is a time-boxed programme that uses scanning plus identity, config and gap work to produce a baseline.

Secure-90 — from unknown posture to a documented baseline in 90 days.