Frequently Asked Questions

Everything you need to know about BESTcyberIQ.

About the Assessment

  • BESTcyberIQ is a NIST CSF 2.0 self-assessment platform built for small and mid-size businesses. It helps you measure your cybersecurity maturity, identify gaps, and get prioritized recommendations — without needing a dedicated security team or hiring a consultant.

  • Most users complete the full assessment in 20-30 minutes. The assessment covers 98 questions across six NIST CSF 2.0 security domains. You can save your progress and return to it later.

  • Yes. The assessment is built directly on the NIST Cybersecurity Framework 2.0, covering all six functions: Govern (GV), Identify (ID), Protect (PR), Detect (DE), Respond (RS), and Recover (RC). Our 5-level maturity model measures not just whether a control exists, but how consistently it is implemented, documented, and verified — which is what auditors and insurers look for.

  • BESTcyberIQ assessments are informational and are designed to help you understand and improve your security posture. While the results can support compliance conversations and help prepare for cyber insurance applications, BESTcyberIQ does not issue compliance certifications. Always consult a qualified professional for formal compliance requirements.

  • BESTcyberIQ offers five options:

      • Free: One assessment, overall score, and top 3 priority recommendations. No credit card required.
      • Report ($499 per assessment): A one-time purchase. Includes one NIST CSF 2.0 assessment, an executive PDF report, top 10 prioritized recommendations, and 1-year access to your results. No subscription required. Additional reports can be purchased at any time.
      • Pro ($199.99/month or $1,999/year): Unlimited assessments, all 98 gap-based recommendations, PDF report with your company logo, shareable read-only results link, and score trend tracking over time.
      • Team ($499/month): Everything in Pro, plus up to 25 users with RBAC roles (Owner, Admin, Contributor, Viewer), team invites, and activity logs.
      • Enterprise ($1,499/month): Everything in Team, plus SAML SSO via Microsoft Entra ID and Okta, white-label PDF branding, and extended log retention.

    Annual plans are available at approximately 17% off for Pro, Team, and Enterprise. See our pricing page for full details.

  • Yes. BESTcyberIQ automatically saves your assessment as you go. If you close your browser or switch devices, your in-progress answers are saved to your account. When you return to the assessment, you will see a prompt to resume where you left off. Your draft is saved until you submit or choose to start fresh.

Privacy & Security

  • Yes. Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure, encrypted at rest and in transit using TLS 1.2 or higher. Access is restricted by Row Level Security policies — you can only access your own data. We do not share your assessment data with third parties or advertisers.

  • No. Your assessment responses, scores, and recommendations are private to your account. We do not sell your data, share it with advertisers, or provide it to third parties. See our Privacy Policy for full details.

  • We collect your email address, company name, and your assessment responses. Payment information is processed directly by Stripe — we never store or access your card details. See our Privacy Policy for the full list.

Billing & Subscriptions

  • No. The Free plan requires no credit card. The 14-day Pro trial also requires no credit card — just sign up and start. A credit card is only required when you upgrade to a paid Pro subscription.

  • You can cancel at any time from your Profile page under the License section. Click "Manage Subscription" to access the Stripe Customer Portal where you can cancel, update your payment method, or view invoices. Cancellation takes effect at the end of your current billing period.

  • For subscription plans (Pro, Team, Enterprise): we do not offer refunds for partial billing periods. You may cancel at any time and retain access until the end of your current billing period. For one-time Report purchases: Report purchases are non-refundable once an assessment has been completed or a PDF report has been generated. If you have a billing issue, email william@bestcyberiq.com and we will do our best to help.

  • Your account and assessment history remain accessible until your subscription ends. If you delete your account, we retain your data for 30 days in case you change your mind — after that it is permanently deleted. See our Privacy Policy for details.

  • Yes. Annual plans are available for Pro ($1,999/yr), Team ($4,999/yr), and Enterprise ($14,999/yr) — saving approximately 17% compared to monthly billing. You can switch to an annual plan from your Profile page under the License section.

  • No. The Report plan is a one-time purchase of $499 per assessment — there is no subscription or recurring charge. Each purchase provides one assessment credit and 1-year access to your PDF report and top 10 recommendations. You can purchase additional reports at any time at the same price. The Report plan is ideal for organizations that need a formal assessment and executive report once a year without committing to a monthly subscription.

Using BESTcyberIQ

  • Yes. The Team plan supports up to 25 users per organization and the Enterprise plan supports unlimited users. You can invite team members from your Profile page and assign roles: Owner, Admin, Contributor, or Viewer. Owners and Admins can manage members, run assessments, and access all results. Contributors can run assessments. Viewers have read-only access. Pro and Free plans are single-user.

  • The Insurance Impact Score is based on the subset of your assessment answers that correspond to controls commonly reviewed during cyber insurance underwriting — such as multi-factor authentication, incident response plans, backup testing, and vulnerability scanning. It is not affiliated with any insurance carrier or broker and does not predict or guarantee policy approval, premium amounts, or coverage decisions. It is a readiness indicator based on your self-reported controls, designed to help you identify gaps in areas that insurers commonly evaluate. The Insurance Impact Score is available to Pro, Team, and Enterprise subscribers. Free users can see that the score exists but need to upgrade to view it.

  • Yes. Pro users can take unlimited assessments. Each assessment is saved separately so you can track your improvement over time. Free users are limited to one assessment.

  • After completing an assessment, go to the assessment detail page and click "Get Your Full Report." The PDF is generated on demand and includes your scores, maturity ratings, responses, and prioritized recommendations. PDF reports are a Pro feature.

  • Yes. SAML SSO is available on the Enterprise plan and supports both Microsoft Entra ID (formerly Azure AD) and Okta. You can submit an SSO configuration request directly from your organization profile page — no BESTcyberIQ intervention is required to initiate setup. SSO is configured per domain. Once active, users on your domain are automatically directed to your identity provider at login. See the Help Center for step-by-step setup guides for both Entra ID and Okta. Contact william@bestcyberiq.com if you need assistance.

  • Yes. You can sign in with your Microsoft account on the login page. This works for personal Microsoft accounts and Microsoft 365 / Entra ID accounts. Enterprise customers can also configure SAML SSO for enforced organizational login.

  • Team and Enterprise plans include an activity log visible to Owners and Admins on the Profile page. It records user logins (including sign-in method), assessments completed, and share link activity (created, revoked, viewed) — each with the IP address the action was performed from. Log retention is 90 days for Pro, 1 year for Team, and 1 year for Enterprise (extendable to 3 years with the Log Retention add-on).

  • Email us at william@bestcyberiq.com — we respond to all inquiries, typically within one business day.

  • When you first sign in, BESTcyberIQ displays a Getting Started checklist on your dashboard. It walks you through five setup steps: completing your company profile, running your first assessment, setting an assessment reminder, configuring a security target, and securing your account. The checklist disappears once all steps are complete.

  • In Settings → Organization (Pro, Team, and Enterprise), you manage your organization — license and billing details, team members and their roles, pending invites, ownership transfer, and shared results links.

  • At /analytics, Pro, Team, and Enterprise Owners and Admins can view member activity, assessment history, and the full audit log.

  • Assessment reminders allow you to schedule periodic notifications to prompt your team to run a new assessment. You can configure the reminder frequency from your profile settings. This is available to Pro, Team, and Enterprise subscribers and helps ensure your cybersecurity posture stays current over time.

  • Multi-factor authentication (MFA) adds a second verification step beyond your password using an authenticator app (such as Google Authenticator or Authy). Any email/password user can enroll in MFA from their profile page. Team and Enterprise plan owners and admins can require MFA for all members of their organization — members who have not enrolled will be prompted to set it up before accessing the platform.

  • From your dashboard or assessment detail page, you can generate a secure, read-only shareable link for any completed assessment. The link does not require the recipient to have a BESTcyberIQ account. You can revoke access at any time from the Team page. Shareable links are available to all paid tiers.
