Services›Information Governance Readiness

Lane 01 · Diagnose

Information Governance Readiness Assessment

A board-grade view of how your organisation classifies, shares and protects information. Half a day.


The Problem

You hold sensitive information. You don’t have a map.

Most organisations – even mature ones – operate without a clear classification of the information they handle. Client confidences sit in the same folders as marketing drafts. Conflict-of-interest data leaks into AI prompts. Board papers are emailed in plain text. Nothing has gone wrong yet, which is precisely why no one has fixed it.

This assessment gives you, in half a day, a board-grade view of where the risks sit and what the next three moves should be. It uses the C1–C4 Information Classification Protocol: a four-tier framework developed by Fab Campaigns and deployed across engineering firms, professional services, and territorial consortia.


What You Walk Away With

A written report your board can act on

  • Your information landscape mapped across four tiers: Public (C1), Internal (C2), Confidential (C3), Business Critical (C4).
  • The three highest-exposure gaps in your current practice, named, ranked, and reasoned.
  • A starter classification register for your organisation, populated with the 20–40 most material information assets.
  • An honest assessment of AI tool risk: what you are passing into Claude, ChatGPT, Notion AI, and others, and at what classification.
  • The two policy moves I would make in the next thirty days, with sample wording.
  • An optional pathway into Tier 2 training and certification if internal capability needs to be built.


How It Works

One pre-call, half a day on site, a written report

  1. Pre-call · 30 minutes

    I learn the shape of your organisation, the sectors you work in, the regulatory frame you sit under, and what is keeping the board up at night.

  2. The session · half a day on site

    Three short working sessions with the right people in the room: typically a founder or CEO, a COO or Head of Operations, and whoever owns IT or information security if separately staffed.

  3. The report · within five working days

    I write it. Six to ten pages including the classification register starter. Classified C2 itself, so you can share it across your leadership team.

  4. Decision call · 30 minutes

    What you intend to do. Whether you want to bring this in-house through certified training, or have us deliver ongoing through the cyber governance retainer. Most decisions are made on this call.

DurationHalf-day on site · 5-day turnaround
FormatOn site preferred · remote available
Best fitEngineering, professional services, consortia, regulated SMEs

Investment

From £1,500 to £2,500

Fixed fee. Includes pre-call, half-day session, written report with classification register starter, and decision call. Travel beyond Winchester / M25 charged at cost.

Where this leads. The assessment is Tier 1 of a three-tier stack. Tier 2 is a ten-module training and certification programme for your internal team, delivered over six to ten weeks. Tier 3 is a continuous audit and cyber governance retainer for organisations that want this maintained, not just installed.

Start with the half-day

This assessment is also available delivered by certified partners in the Licensed Partner Programme — useful if you would prefer an Italian-speaking delivery partner, or if you are based outside the UK. Tell us where you are based and we will route accordingly.

Start a conversation
All services

Related

Growth Bottleneck Identifier

If you would rather start with a broader diagnostic of what is in the way of growth.

Read more →

Cyber Governance Training

Tier 2 — internal team certification across ten modules with a final exam.

Enquire →

Continuous Cyber Governance

Tier 3 — ongoing retainer for organisations that need this maintained, not just installed.

Enquire →

© 2026 Fab Campaigns Ltd. Strategic Partnerships Advisory.

Privacy Policy

Terms

Contact

Verified by MonsterInsights