What is the Workspace Context?
It's a structured document where you describe your organization: your IT infrastructure, your security objectives, your constraints, and your business specifics.
HARVEN uses this context to tailor every analysis and recommendation.
Don't be intimidated by the length. Filling it in is easier than it looks, and you don't need to complete everything at once.
Tips
Only fill in information you are certain about
For values, estimates are sufficient (we need orders of magnitude)
If you don't have the answer, write "I don't know, please disregard"
Focus on the first and fifth points initially.
If you have a question or need assistance, contact us at [email protected]. We're here to help you, and we can do it together.
Just to recap:
General Information
Organization Name: [your company name]
Industry Sector: [eg: transport, energy, education, research]
Headcount (estimate): []
Business Description
One or two sentences about what your company does. Keep it simple.
[ Main activity, services/products, and business particularities]
IT Architecture
The most technical part, but also the most valuable. Describe your infrastructure: servers, workstations, key applications, databases, network, and remote access. No need to be exhaustive: just focus on what matters most. You can add more info later.
Infrastructure
Hosting: [Cloud / On-premise / Hybrid]
Cloud Providers: [AWS, Azure, GCP, OVH…]
Datacenter: [Location if relevant]
Main Components
Servers: [Number, main OS]
Workstations: [Number, OS, BYOD or not]
Critical Applications: [List of 5-10 most important apps]
Databases: [Types used]
Network
Network Architecture: [Segmentation, VPN, etc.]
Remote Access: [VPN, RDP, etc.]
Interconnections: [Partners, subsidiaries, etc.]
Third-Party Services
SaaS Used: [Microsoft 365, Google Workspace, Salesforce…]
Managed Services: [External SOC, managed services…]
Security Objectives
Regulatory Compliance
Which regulations apply to you (GDPR, NIS2…)? Any certifications you're targeting? What are your priorities if an incident occurs?
Applicable Regulations: [GDPR, NIS2, HIPAA, PCI-DSS…]
Target Certifications: [ISO 27001, SOC2…]
Business Priorities
What are the security outcomes your organization needs to achieve this year? Use this section to define your top objectives: HARVEN will align its recommendations and action plans around them.
[Eg: Ensure no critical vulnerabilities remain unpatched for more than 30 days / Maintain full visibility into privileged account activity across the organization / Eliminate shadow IT and unauthorized devices from the network]
[Priority objective 1]
[Priority objective 2]
[Priority objective 3]
Control-Specific Rules
This is where you tell HARVEN how to interpret your data: which machines and identities to include, and which source to use for vulnerability management.
Scopes: [eg: Do not count users in the "service_accounts" or "guests" group]
Custom Assessment Rules: [Admin Passwords available 180 days; the primary data source for vulnerability management is NINJA ONE, and Defender should not be used for vulnerability indicators.]
Business-Specific Contexts: [Critical assets / Accountabilities]
Constraints and Limitations
Anything HARVEN needs to know to keep its recommendations realistic: a server that can only be patched once a year, legacy systems, organizational limitations…
Technical Constraints
[Ex: "Legacy AS/400 system not patchable, migration planned for 2026"]
[Ex: "Critical business application incompatible with MFA, workaround via IP whitelisting"]
Organizational Constraints
[Ex: "IT team of 2 people, limited deployment capacity"]
Legacy and Technical Debt
[Ex: "Windows Server 2012 on 3 servers, end-of-life planned Q3 2025"]
[Ex: "Undocumented legacy firewall rules, audit scheduled"]
Metadata
Version: 1.0
Last Updated: [Date]
Next Review: [Date]
Author: [Name]