About Us

Spartacus Insights is a governed cybersecurity platform designed to help organisations and consultancies make defensible cybersecurity decisions over time. It brings assessment, evidence, analysis, reporting, improvement planning, and long-term visibility into one structured environment, so work stays connected rather than fragmenting across spreadsheets, documents, and disconnected tools.

Rather than operating as a narrow point solution, Spartacus Insights supports multiple cybersecurity decision lenses within one platform model, including framework maturity, implementation progress, quantitative risk, control and investment decisions, third-party assurance, and bespoke methodologies.

Spartacus Insights exists because many cybersecurity programmes struggle for structural rather than technical reasons. Work fragments across tools and teams, evidence becomes disconnected from the decisions it supports, reporting has to be rebuilt manually, and prior conclusions become difficult to revisit or defend when scope, stakeholders, or assurance expectations change.

Spartacus Insights is designed to remove that structural fragility by preserving continuity, comparability, and governance across the full lifecycle. The result is not just more efficient delivery, but a more sustainable model in which insight compounds over time instead of decaying between assessments and reporting cycles.

Spartacus Insights is different because it does not treat cybersecurity work as a series of isolated outputs. Many assessment tools can generate a score, a chart, or a report, but they often struggle to preserve context, maintain comparability, or support decision-making once work needs to be repeated, challenged, extended, or governed over time. Spartacus Insights is designed as a platform operating model rather than a single-purpose utility.

That means it supports multiple decision lenses in one governed environment and keeps assessment, evidence, analysis, reporting, and improvement activity aligned. For organisations and consultancies, that creates a more durable basis for both immediate decisions and longer-term programmes.

Spartacus Insights is not designed to be a checklist, questionnaire, reporting, or ticketing tool. Its role is to provide the governed structure within which assessment, evidence, analysis, reporting, and improvement planning remain connected, repeatable, and defensible over time.

It does not replace professional judgement, consultancy delivery, or organisational ownership of cybersecurity outcomes. Instead, Spartacus Insights provides a more governed and connected foundation for those activities, supporting clearer oversight, stronger continuity, and better-informed strategic decisions as programmes scale and mature.

Spartacus Insights is designed for cybersecurity consultancies, internal cybersecurity and GRC teams, programme and transformation leaders, and organisations that need a more structured and repeatable way to govern cybersecurity over time. It is especially well suited to environments where multiple contributors, frameworks, clients, business units, or repeated delivery cycles need to be coordinated without losing consistency or control.

It is also well suited to mixed-maturity delivery teams. Spartacus Insights is designed so less experienced contributors can work within governed boundaries, while senior practitioners retain oversight, decision authority, and quality control across the wider programme.

Spartacus Insights helps consultancies turn cybersecurity delivery into a more repeatable and commercially resilient service model. It reduces avoidable rework, improves consistency across teams, and supports stronger productisation by keeping delivery outputs, evidence, and reporting aligned within one governed workflow rather than relying on bespoke manual effort for every engagement.

That commercial value is reinforced by the way reporting is handled in the platform. Analysis outputs and charts are generated from the underlying assessment context, while scoring, findings, recommendations, and report structure remain connected to the same governed model. This helps teams produce more consistent outputs with less reconstruction and formatting effort, allowing consultants to spend more time on interpretation, advice, and client value, and less time rebuilding material manually.

Over time, this supports stronger margin confidence, safer use of mixed-seniority teams, lower delivery variance, and clearer routes into follow-on work such as remediation programmes, advisory retainers, and multi-year client engagements. It also helps consultancies protect and operationalise their methodology and IP more safely as delivery scales.

Yes. Spartacus Insights is designed to support long-term cybersecurity governance and improvement rather than stopping at a single assessment event. Because evidence, outputs, findings, projects, and trends remain connected over time, organisations can revisit prior work more easily, compare results across cycles, and maintain continuity even when teams, stakeholders, or priorities change.

This makes Spartacus Insights particularly useful where maturity tracking, portfolio oversight, reassessment, and sustained programme delivery matter. It helps organisations move from isolated exercises to a more durable operating model for cybersecurity decision-making.

Spartacus Insights currently supports four approved Framework Products: NIST CSF 2.0, ISO 27001:2022, CIS Top 18, and CMMC 2.0. Each is delivered as a distinct governed framework product with its own structure, scoring logic, reporting alignment, and value model. 

These frameworks are separate from Spartacus Insights' productised capabilities such as Controls, Third-Party Risk Management, Custom Frameworks, Standard Risk, and Comprehensive Risk. That distinction matters because Spartacus Insights is designed to support multiple decision types, not just one framework view.

Yes. Spartacus Insights includes Custom Frameworks, which enables organisations and consultancies to design, digitise, and govern proprietary, internal, hybrid, and sector-specific methodologies within the same structured platform used for recognised standards.

This is valuable because bespoke models often become inconsistent as delivery scales. Spartacus Insights gives them the same discipline of structured assessment, evidence handling, reporting, projects, and trends, helping preserve the integrity of the methodology across teams, clients, regions, and repeated cycles.

Yes. Spartacus Insights is designed to support more than maturity or compliance-style assessment. In addition to recognised framework packs, it supports complementary decision lenses such as quantitative risk, controls and investment, third-party assurance, and bespoke frameworks, all within one broader governed platform model.

That matters because organisations rarely need just one type of cybersecurity answer. They may need to understand posture, financial exposure, supplier risk, control investment, or internal methodology at different points, and Spartacus is built to support that wider picture.

Yes. Spartacus Insights includes two standalone quantitative risk products: Standard Risk and Comprehensive Risk. These allow organisations and consultancies to express defined cyber risk scenarios in financial terms, adding a different decision lens alongside maturity assessment, implementation review, assurance, and control-led work.

This is useful because not every cyber decision starts with the same question. Some organisations begin with posture or capability, while others need to understand material financial exposure first. Spartacus Insights supports those different starting points without breaking the overall platform model.

No. Spartacus Insights does not provide certification, audit sign-off, or formal attestation against cybersecurity frameworks. Its role is to support structured assessment, evidence-backed review, analysis, reporting, and improvement planning in a more governed and defensible way.

That means Spartacus Insights can help organisations and consultancies improve audit readiness, strengthen traceability, and produce clearer outputs for internal review, external assurance, and stakeholder scrutiny. But responsibility for formal certification, audit judgement, or contractual sign-off remains outside the platform. This distinction is particularly important for standards and frameworks such as ISO 27001 and CMMC, where readiness and defensibility matter, but Spartacus Insights  is not positioned as the certifying or auditing authority.

Spartacus Insights uses a governed lifecycle in which assessment, evidence, analysis, reporting, findings, recommendations, improvement planning, and trend visibility remain connected over time. That means work performed at one stage continues to support the next, rather than having to be manually reconstructed in separate files, presentations, or delivery threads.

This connected model is one of the main reasons Spartacus Insights creates long-term value. It helps teams preserve context, reduce rework, and maintain confidence that conclusions, outputs, and next-step decisions are all grounded in the same underlying work.

Spartacus Insights applies governance across framework configuration, scoring, reporting, and workflow through its core governance engines. That helps keep assessments, analysis, reports, projects, and trend views aligned, reducing interpretation drift and making outcomes more repeatable across teams, regions, and repeated engagements.

In practice, that consistency is reinforced through structured assessment models, governed reporting templates, consultant guidance, seeded report content, and workflow alignment across the wider platform. This means delivery confidence depends less on undocumented working habits or individual interpretation, and more on a governed and repeatable model.

Spartacus Insights helps leadership teams and sponsors move beyond isolated reports or point-in-time dashboards. Because assessment, evidence, analysis, reporting, recommendations, projects, and trends remain connected, it becomes easier to understand where issues exist, what they mean, what should be prioritised, and how progress is changing over time.

This is especially valuable in larger or longer-running programmes, where executives need clear visibility without being drawn into draft work or internal delivery mechanics. Spartacus Insights supports that through structured reporting, portfolio views, and longitudinal comparisons that make priorities and progress easier to review at the right level.

Yes. Spartacus Insights supports controlled, read-only client access to approved outputs such as analysis, reports, projects, and trend views. This allows clients and stakeholders to review the outputs they need while keeping internal notes, draft content, review activity, and other protected working material out of view.

That balance matters because transparency is useful, but only when it does not undermine governance. Spartacus Insights allows organisations and consultancies to give stakeholders a clearer and more professional view of progress while retaining control over interpretation, publication, and quality assurance.

Spartacus Insights allows framework products and productised capabilities to be used in a more connected way without forcing them into one rigid sequence. For example, a framework assessment can sit alongside Quantitative Risk, Controls, or Third-Party Risk Management where those decision lenses are useful, allowing organisations and consultancies to expand from one starting point into adjacent services more naturally.

This is valuable commercially because it supports broader cybersecurity conversations without blurring product boundaries. Framework packs remain distinct from productised capabilities, but Spartacus Insights  makes it easier to use them in complementary ways when organisations need a wider decision picture.

Spartacus Insights pricing is shaped primarily by the products deployed and the way the platform is used. That means pricing can vary depending on whether you are using Spartacus Insights for framework delivery, quantitative risk, controls & investment, third-party assurance, custom frameworks, or a broader combined deployment.

Where organisations or consultancies use multiple complementary products together, bundled usage can reduce overall cost compared with adopting those capabilities separately. This allows pricing to reflect both the breadth of deployment and the value of a more connected operating model.

Spartacus Insights is a UK-hosted SaaS platform operated within the applicable UK regulatory context. Each customer tenant has its own users, clients, enabled products, assessments, activity data, and configuration settings.

Tenants are isolated from one another. Other tenants are not visible, platform-level administration remains separate from tenant delivery, and no data, configuration, or activity is shared across tenant boundaries unless explicitly exported. This gives organisations and consultancies clearer governance boundaries, stronger access control, and confidence that delivery activity remains within its intended tenant boundary.

Yes. Spartacus Insights supports tenant-level authentication configuration, including Microsoft identity and third-party identity providers. Authentication is configured at the tenant boundary, allowing organisations to align platform access with their wider identity approach while keeping internal role and permission models governed separately.

This is useful for organisations that need a more controlled and enterprise-ready access model without losing clarity over who can access specific products, clients, and assessments within the platform. Authentication controls entry to the tenant environment, while role and permission settings govern what users can view, manage, or contribute to once inside it.

Spartacus Insights uses a governed role model with Platform Admins, Product Admins, and Standard Users, with permissions applied across tenant, product, and assessment level. Platform Admins have full administrative authority within the tenant, including managing users, clients, products, settings, and assessments. Product Admins have administrative control limited to the products they are assigned to. Standard Users work within more limited permission boundaries and can be granted read-only or read/write access at assessment level.

This gives organisations a clearer and more controlled way to manage access without relying on informal workarounds. It also means authority can be delegated where appropriate, while still keeping administrative boundaries explicit and auditable. Multiple consultants and contributors can work together within governed permission boundaries.

Spartacus Insights retains data while there is an active product licence. Where a tenant has one or more active product licences, data associated with those active products is retained unless individual assessments are deleted by authorised users.

If a product licence becomes inactive, assessment data associated with that product is retained for 30 days from the inactivation date, unless earlier deletion is requested through the agreed service process. After that period, the product-related assessment data is deleted.

If a tenant has no active product licences, all tenant data is deleted in line with the agreed service process. This ensures data retention remains linked to active product use, while deletion stays controlled, deliberate, and restricted to authorised roles.

Yes. Spartacus Insights demos can be tailored to an organisation’s delivery model, priorities, and areas of interest. This helps buyers see how the platform supports frameworks, evidence, reporting, improvement planning, and complementary products such as Quantitative Risk, Controls, and Third-Party Risk Management.

A guided demo provides a clearer view of how Spartacus Insights fits a specific environment, whether the focus is a single framework, a broader cybersecurity programme, or a more productised consulting delivery model.