Sylvan Assurance, LLC

Plain-English compliance and security toolkits that respect your privacy.

Free assessments and practical toolkits for the five most common situations small businesses and small product teams face: strategic readiness across General Data Protection Regulation (GDPR) compliance, foundational small-business security, and Product Security Incident Response Team (PSIRT) operations — plus tactical response toolkits for the first four hours of an incident and the first 72 hours of a personal-data breach. Every free assessment runs entirely in your browser. Your answers never leave your device.

See our toolkits Why we exist
Toolkits

Five focused toolkits, one consistent approach.

Each toolkit pairs a free in-browser assessment with a practical, plain-language pack of guides, templates, worksheets, and worked examples. Three of the toolkits are strategic — they answer "how well are we set up?" on a calm day. Two are tactical — they answer "what do we do right now?" the day an incident actually happens. One-time purchase, lifetime access, no subscription.

Strategic · GDPR Compliance

GDPR Checklist

For small businesses with European customers, visitors, or staff.

A 30-question self-assessment that scores your readiness across five areas (data collection, processing, storage, sharing, breach response) and routes you to plain-English fixes for the gaps.

$49 · $129 · $299  ·  Solo / SMB / Pro & Data Protection Officer
See the GDPR Checklist →
 Strategic · Small-Business Security

SMB Security Assessment

For owners of small businesses (2–50 people) and the consultants who serve them.

A 12-question security self-assessment covering Identity and Access Management (IAM), data classification, backup and disaster recovery, and patch management — plus a full toolkit of policies, templates, and training decks.

$49 · $99 · $299  ·  Solo / SMB / Pro Consultant
See the SMB Security Assessment →
 Strategic · Product Security

PSIRT Response

For product-security practitioners, founder-CISOs, and small product teams.

A 17-question readiness self-assessment for receiving and handling vulnerability reports — before the first one arrives. The paid tiers add the working runbooks, communication templates, and regulatory decision trees.

$49 · $99 · $299  ·  Solo / SMB / Enterprise
See PSIRT Response →
 Strategic · Sales Enablement

TrustReady

For vendors answering a security questionnaire a customer sent them.

A free readiness scanner plus guided builders that produce defensible answers to SIG Lite and CAIQ questionnaires, the proof documents reviewers want attached, and a shareable trust profile that heads off the next questionnaire.

$49 · $99 · $199  ·  Solo / SMB / Pro
See TrustReady →
 Tactical · General Security

First 4 Hours Incident Response

For businesses and product teams handling — or preparing for — an incident.

A branching triage assessment that splits into an infrastructure-incident path and a product-vulnerability path. Returns a four-hour priority sequence, a do-not-touch list, and the regulatory clocks that apply.

$49 · $99 · $199  ·  Solo / Commander / PSIRT CRA-Ready
See First 4 Hours →
 Tactical · Privacy

GDPR Breach Response

For Data Protection Officers handling the first 72 hours of a personal-data breach.

A nine-question triage that returns a notifiable-or-document verdict, the Article 33 deadline computed from your awareness time, the required notification contents, and a starter draft you can hand to counsel.

$49 · $99 · $199  ·  Solo / SMB / Enterprise
See GDPR Breach Response →
Why we exist

Compliance and security advice should not require a six-figure budget.

Most small businesses cannot afford a Data Protection Officer, a fractional Chief Information Security Officer, or a full Product Security Incident Response Team. They need the same documents, decisions, and routines those roles produce — but built in plain language, priced for one-person operators, and delivered as files they own forever.

Plain English

Acronyms expanded at first use. Jargon softened. Worked examples instead of abstract guidance.

Privacy-first by design

Every free self-assessment runs in your browser. Scores and answers never leave your device.

You decide what to adopt

Every recommendation is optional — a widely accepted way to reduce a common risk. You adopt, adapt, or decline.

Files you own forever

One-time purchase. Lifetime access to the files you bought. No subscription. Updates within your edition are free while it is in our catalog; major new editions are sold separately.

Your assessment data never leaves your device.

All five of our free assessments score you locally in the browser. No JavaScript analytics, no tracking pixels, no third-party trackers, no server that sees your answers — even for the two tactical assessments where you're entering details of a live incident. If you choose to enter your email to receive a free guide, only that email is transmitted — nothing else.

Our website uses Cloudflare's server-side traffic analytics for aggregate page counts — no JavaScript injection, no cookies, no identifiable data.

About us

Built by practitioners, for the small businesses they wish had existed earlier.

Sylvan Assurance, LLC publishes compliance and security toolkits drawn from widely recognised standards — General Data Protection Regulation guidance, the National Institute of Standards and Technology Cybersecurity Framework, the Forum of Incident Response and Security Teams (FIRST) PSIRT Services Framework — translated into plain language for organisations that do not have a dedicated compliance team.

We are not a law firm, a security audit firm, or a certification body. We publish working templates and self-assessment tools you can use directly, and we are explicit in every document about what those templates are and are not.

Questions? Email support@sylvanassurance.com. A real person reads every reply.