The Trust Practice

Digital Trust Review

Fixed-fee diagnostic of your public-facing digital trust posture. Clear findings, evidence & prioritised next steps.

A structured, independent view from the outside

The Digital Trust Review assesses observable trust posture across your public-facing digital surfaces and translates findings into practical action. Fixed scope, fixed fee - with a structured evidence pack, executive summary & prioritised action list.

It's the right starting point before an incident, before a launch, or when leadership needs clarity over a fragmented digital estate.

What's in and what's not

In scope

  • Identity - authentication, federation & access signals
  • Domains and DNS - registration, resolution & infrastructure trust
  • Email Integrity - SPF, DKIM, DMARC & transit encryption
  • Digital Services - websites, portals & application trust
  • Infrastructure and Platforms - cloud, hosting & operational resilience
  • Third-Party Ecosystem - vendor, supply chain & delegated trust

Not in scope

  • Penetration testing or active exploitation
  • Full compliance audit
  • Implementation delivery
  • Internal or authenticated surfaces

For a targeted email-only review, see Email Trust.

What you receive

  • Executive summary with overall trust posture interpretation
  • Findings and evidence pack with source references
  • Trust interpretation - what each finding means operationally and in governance terms
  • Prioritised action list with sequencing and ownership guidance
  • Readout session to walk through findings and answer questions

Four steps, defined timeline

Step 01 Scope

Agree primary domains and surfaces. Capture known concerns or planned changes.

Step 02 Assess

Observable signals are assessed across agreed surfaces using the TrustSurface method.

Step 03 Interpret

Findings translated into operational and governance terms. Evidence compiled, actions prioritised.

Step 04 Readout

Findings presented to your team. Questions answered. Next steps confirmed.

Most Reviews complete within two to three weeks of scope confirmation.

Fixed fee, no surprises

Scope is agreed upfront. No hourly billing.

From AUD $7,500 + GST · fixed fee · scope confirmed before engagement begins

Final pricing is based on the number of surfaces in scope. A short scoping conversation confirms fit and cost before you commit.

What the output looks like

De-identified and simplified examples below.

Executive summary extract (de-identified)

Overall trust posture: Amber

Meaningful gaps in email authentication and operational transparency. Domain and DNS posture are generally sound. Three issues warrant priority attention - two are low-effort, one requires a governance decision before technical remediation can begin.

Findings extract (de-identified)

  • DMARC policy not enforced (High) - A DMARC record exists but is set to p=none, so receiving mail servers are not asked to reject email that fails DMARC for this domain. Spoofing risk is visible to external observers with basic tooling.
  • No public status surface (Medium) - No status page or service communication surface exists. During service issues, there is no channel for operational transparency - a trust and governance gap.
  • HTTPS posture sound (Satisfactory) - Primary domain and key subdomains enforce HTTPS with valid certificates. HSTS is in place on the primary domain.

Ready to start?

A short enquiry is all it takes. The right next step can be confirmed from there.