Cairnpoint · In development
Risk assessments your MSP can run, brand, and deliver.
Security assessments win MSP business — but running one usually means a pile of scripts, a spreadsheet, and a weekend of report writing. Cairnpoint packages the whole engagement: scan, discover, score, and deliver a report your prospect's leadership will actually read.
How it works
From first call to signed roadmap
Send the link
Generate a private questionnaire link for the prospect. They answer plain-language discovery questions on their own time — no account, no software to install.
Run the scans
Kick off a passive external attack-surface scan and a read-only Microsoft 365 posture review from the console. Safe to run against a prospect — nothing intrusive, nothing to deploy.
Deliver the report
Cairnpoint scores everything against recognized frameworks and produces an executive-ready, white-label report — with a prioritized roadmap that becomes your statement of work.
Product tour
A look inside
Cairnpoint is pre-launch. These screenshots are from a development build, shown with fictional sample data.
What's inside
The full assessment, one platform
External attack-surface scan
Email authentication (SPF, DKIM, DMARC), TLS and certificate health, exposed services, breach exposure, and web security headers — gathered passively, so it is safe to run before you have any access at all.
Microsoft 365 posture review
A read-only look at the tenant identity and security configuration most small businesses run on, surfacing the gaps that matter before they become incidents.
Guided discovery questionnaire
Structured, plain-language questions mapped to CIS Controls v8.1 IG1 — built to work in a sales call or an onsite walkthrough, answered by people who are not IT professionals.
Framework-mapped findings
Findings score against CIS Controls v8.1 and NIST CSF, with compliance overlays for HIPAA, the FTC Safeguards Rule, Cyber Essentials, and CMMC — plus cyber-insurance readiness and critical-infrastructure reporting checks where they apply.
White-label reports
Polished DOCX and PDF output under your brand: an executive summary with visuals for the decision-maker, and per-finding detail with plain-language and technical remediation for your engineers.
Effort-vs-impact roadmap
Findings rank into a prioritized plan — quick wins first, projects after — so the report ends with a path forward instead of a wall of red.
Multi-tenant by design
Every MSP signs in with its own Microsoft Entra tenant. Your prospects, assessments, and reports are scoped to you — never pooled with anyone else’s.
No standing vendor access
Third West Labs holds no persistent access to your data. Support access exists only when you mint a short-lived code from your own console — time-boxed, permission-scoped by you, and audited.
Founding partners
Built with MSPs, for MSPs
Cairnpoint grew out of assessments run for real clients, and it's being developed alongside a founding cohort of MSP partners who shape the roadmap. If you'd like to run Cairnpoint in your own practice — and have a say in where it goes — get in touch.
Join the founding cohortNamed for the stone cairns that mark a route through open country: a good assessment should tell a client exactly where they stand — and which way to go next.