FOUNDED 2025 · INDEPENDENT UK PRACTICE

vCISO 90-Day Plan

The structured first ninety days of a fractional engagement.

The structured ninety-day approach used to take a vCISO engagement from kickoff to a board paper that earns the next quarter. Three phases: orient (weeks 1–4), control inventory pass (weeks 5–8), board paper (weeks 9–12). Distilled from twenty years of senior security leadership.

Download the paper · PDF · 12 pp Related service · CISO Advisory & vCISO
02Use this paper when

Scenarios where this paper earns its place on the desk.

  1. 01Hiring a vCISO and want to know what good looks like in 90 days
  2. 02A new CISO is starting and the first board paper is due
  3. 03Filling a CISO gap during succession or post-departure
  4. 04Resetting a security function after an audit finding or incident
03What you'll find inside

Artefacts and templates included with the paper.

  • ARTEFACT
    Asset & data flow map template
  • ARTEFACT
    Control inventory rubric
  • ARTEFACT
    Obligation register schema
  • ARTEFACT
    Day-90 board paper template
04If this is on your desk
RELATED SERVICE

CISO Advisory & vCISO

Open service  →
RELATED TOOLKIT

ISO 27001 Toolkit

Open toolkit  →
RELATED READING

First 90 Days as a vCISO (dispatch)

Open  →
Paul Jolliffe, Founder of InfoSecAI
AUTHOR

Paul Jolliffe

FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner

Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Independent UK practice founded 2025. Author of the InfoSecAI insights library.

Book a 30-minute working consultation About the practice

Get The Brief: practitioner notes on what is changing.

Weekly. No tracking pixels, no marketing automation. Unsubscribe in one click.