One engine. 650+ checks.
The same engine runs behind every audit we do. It runs read-only, so there is no production impact, and it hands you a graded report you can act on. The community tier is free and open on GitHub. The full assessment is where the depth lives.
Licensing
Every instance checked: edition, cores, Software Assurance, and what each one actually does. Then the cores you pay for and do not run.
Compliance
A read-only audit that maps your estate to the controls auditors ask for: exposed accounts, encryption, patch level, recoverability. Evidence, not opinions.
Evidence against the controls — not a tidy opinion.
A compliance audit answers the five questions an auditor keeps coming back to, and hands you the proof behind each answer.
Access & identity
Who can reach the data and at what privilege — orphaned logins, over-privileged accounts, the shared sa nobody owns.
Encryption posture
At rest and in transit: what is protected, what is not, and which gaps a regulator will actually care about.
Patch & configuration
How current you are, where the CIS-benchmark gaps sit, and the misconfigurations that quietly widen exposure.
Recoverability
Backups that are restore-tested, retention that matches the obligation, and a DR plan someone has genuinely run.
Evidence pack
Each finding mapped to a control and graded, with the artefact behind it — the thing your auditor asks for and rarely gets.
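The five checks above are the kind of thing a DBA can start verifying before any engagement. The following T-SQL is an added example, not the engine's own code or any project's code: read-only catalog queries for the access & identity, encryption and recoverability items listed, assuming SQL Server 2012 or later, VIEW SERVER STATE and VIEW ANY DEFINITION, and read access to msdb. Nothing here modifies the instance.

```sql
-- Added example (not the audit engine's code). Read-only checks for the
-- access/identity, encryption and recoverability items named above.
-- Assumes SQL Server 2012+, VIEW SERVER STATE, VIEW ANY DEFINITION and
-- SELECT on msdb. Run each section from the database you want to assess.

-- 1. The shared sa: enabled or not, and when it last changed.
--    Matching on the fixed SID catches it even if it was renamed.
SELECT name, is_disabled, modify_date
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Over-privileged accounts: every member of the sysadmin role.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;

-- 3. Orphaned logins (current database): SQL users that claim an
--    instance login (authentication_type = 1) but whose SID matches
--    no login on this server.
SELECT dp.name AS orphaned_user, dp.create_date
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type = 'S'
  AND dp.authentication_type = 1
  AND sp.sid IS NULL;

-- 4. Encryption posture.
--    At rest: which user databases have TDE enabled.
SELECT name, is_encrypted
FROM sys.databases
WHERE database_id > 4;
--    In transit: how many current connections are actually encrypted.
SELECT encrypt_option, COUNT(*) AS connections
FROM sys.dm_exec_connections
GROUP BY encrypt_option;

-- 5. Recoverability: last full backup per user database, and whether
--    any restore of one of its backup sets was recorded on THIS
--    instance. A NULL last_restore_recorded does not prove the backups
--    were never restore-tested elsewhere; it proves this server has no
--    evidence of it, which is the question an auditor will ask.
SELECT d.name,
       MAX(bs.backup_finish_date) AS last_full_backup,
       MAX(rh.restore_date)       AS last_restore_recorded
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS bs
       ON bs.database_name = d.name AND bs.type = 'D'
LEFT JOIN msdb.dbo.restorehistory AS rh
       ON rh.backup_set_id = bs.backup_set_id
WHERE d.database_id > 4
GROUP BY d.name
ORDER BY last_full_backup;
```

Each result set is an artefact you can attach to the matching control: the sysadmin membership list for access, the `is_encrypted` and `encrypt_option` counts for encryption, and the backup/restore dates for recoverability. Section 3 is per database and needs to be run in each one; sections 1, 2, 4 and 5 are instance-wide.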
Depth you can only get from doing one thing.
Senior only
No juniors, no account managers between you and the person fixing it.
SQL Server only
Not one practice among twelve. This is the whole business.
A number, not a promise
Every finding carries a dollar figure or a control reference. Biggest wins first.
"I didn't even know this was possible."
Susan, Senior DBA