Win contracts

Win the contracts that ask “are you secure?”

A bigger customer wants Cyber Essentials, or a SOC 2, or sends a long security questionnaire. The access control, MFA, audit logging, and continuity you already run in Glassbreak become the evidence you hand back — so the security section stops costing you deals.

5
Cyber Essentials themes supported
CC6 / CC7
SOC 2 criteria evidenced
Export
Audit trail as questionnaire evidence
Auto
Continuity policy generated

The contract is blocked on a security form

It is the deal you want, and the only thing in the way is a security questionnaire or a request for Cyber Essentials. With no security team, the form sits on someone's desk for weeks, the answers are guesses, and the buyer's procurement team keeps sending follow-ups. The controls a small business actually needs are not exotic — access control, MFA, offboarding, logging, continuity — and once you run them in one place, the evidence writes itself.

The controls you run, as evidence

Each card pairs something you do day-to-day in Glassbreak with the certification or questionnaire line it answers.

Access control & least privilege

What you run

Per-team vaults with roles, so each person only reaches the logins their job needs — and you can show it.

The evidence

Maps to Cyber Essentials user access control and SOC 2 CC6 logical access. The questionnaire line “how do you restrict access to sensitive systems?” is answered by your vault structure.

Joiners & leavers

What you run

One-click offboarding that removes a leaver from every shared vault at once, with the change recorded.

The evidence

Cyber Essentials asks that accounts are removed when no longer needed; SOC 2 wants evidence of timely deprovisioning. The audit trail is the proof a leaver lost access the day they left.

Strong authentication

What you run

MFA on the accounts that matter, with hardware-backed approval available for the most sensitive.

The evidence

Directly answers the Cyber Essentials multi-factor authentication requirement and the “do you enforce MFA?” questionnaire line, with SOC 2 CC6 authentication alignment.

Audit logging & monitoring

What you run

A plain, exportable record of who opened what, who was added or removed, and when.

The evidence

SOC 2 CC7 expects logging and the ability to investigate. Export the trail as evidence rather than reconstructing it from scattered logs when a customer asks.

Business continuity

What you run

An emergency call-out, escalation, and pre-built playbooks that show you can keep running through disruption.

The evidence

A generated continuity policy plus the call-out records answer the “what is your business continuity / incident response plan?” questions buyers and auditors raise.

Data protection

What you run

On-device encryption where Glassbreak itself cannot read your stored content, so a vendor compromise does not expose your secrets.

The evidence

Supports the data-protection and encryption questions on the questionnaire, and reduces the supplier-risk follow-ups a careful buyer sends about the tools you use.

A continuity policy from how you actually work

Auditors and big customers ask for a business continuity and incident-response plan. Rather than writing one from a blank page — or buying a template that bears no relation to your business — Glassbreak generates a starting policy from your real setup: your emergency groups, escalation order, and playbooks. You review it with your team and you have a document that matches what you actually do.

The generated policy is a starting document for you and your advisers to review — it is not legal advice and does not by itself constitute certification.

The proof pages to send

Public pages your customer's security team can read directly — the mappings, the answers, and the encryption model behind them.

Most of this evidence comes straight out of your shared vault. Selling security services to your own clients? See Glassbreak for MSPs.

Frequently asked questions

Does Glassbreak make my business Cyber Essentials certified?

No tool certifies you — certification is assessed against your whole business. What Glassbreak does is run and evidence several of the controls Cyber Essentials checks (access control, MFA, account removal), so the access-and-credentials part of your assessment is straightforward to show. You still complete the certification through an assessor.

Can this help us get a SOC 2 report?

A SOC 2 report is produced by an auditor over your systems, not by a single vendor. Glassbreak produces clean evidence for the access (CC6), logging (CC7), and availability controls in scope, so those line items are easy to support. The platform aligns with the criteria; it is not itself a SOC 2 certification of your business.

How does this help me pass a security questionnaire?

The questionnaires bigger customers send ask how you control access, enforce MFA, remove leavers, log activity, and keep running through an incident. Those are exactly the things Glassbreak does and records, so you answer with evidence — your vault structure, audit trail, and continuity policy — instead of leaving the section blank.

What is the continuity policy generator?

It produces a business continuity and incident-response policy document from how you have actually set things up — your emergency groups, escalation order, and playbooks — so the written policy matches reality. It is a starting document to review with your team, not legal advice.

We have no security team — is this realistic for us?

Yes. The whole point is to get the controls and the evidence without hiring for them. One owner or ops lead sets up the vaults, MFA, call-out, and continuity policy in an afternoon, and the evidence is exportable whenever a customer asks.

Get audit-ready this week

Start a free trial, set up the controls, and export your first evidence pack before the questionnaire is due. Or see a 10-minute demo and we will walk the mappings against the form your customer sent.

Glassbreak does not provide legal, audit, or certification advice. Control mappings describe the technical and operational artefacts the platform can produce; they do not assert that your business is Cyber Essentials certified or holds a SOC 2 report. Certification and attestation are determined by an accredited assessor or auditor over your whole organisation. Customers should consult qualified counsel, their assessor, and their auditor to confirm how these artefacts apply to their specific circumstances.

This page is provided for transparency and does not constitute legal advice.

Stay Updated

Get product updates and security insights. No spam, unsubscribe anytime.

We respect your privacy. See our privacy policy.