Stage S — Survey

Purpose of this stage: Before any framework was applied or any control was assessed, the full operational context of LiStDan Finance was established.

What This Stage Covers

The Survey stage is about understanding the environment completely before touching a single compliance clause. In a fast-moving fintech, assuming you know the risk landscape before scoping it is how assessments go wrong.

What Was Done

The engagement scope document was produced, confirmed, and formally recorded. All eight third-party vendor relationships were mapped and catalogued. Assessment boundaries were drawn across Azure-hosted infrastructure, mobile applications, backend services, databases, and DevOps pipelines. Out-of-scope items were formally documented with written justification for each exclusion. Stakeholders were identified and responsibility boundaries established across the project team.

Activities Completed

Reviewed business profile, company structure, and service offerings
Mapped all in-scope systems, processes, and people
Catalogued all eight third-party vendor relationships
Defined and documented out-of-scope exclusions with justifications
Confirmed assessment frameworks: ISO 27001:2022, NIST CSF v1.1, GDPR
Assigned team roles and contribution scope

Inputs and Outputs

	Detail
Inputs	Business overview, organisational structure, system inventory, existing documentation
Output	Risk Management Scope Document
Field	Detail
---	---
Duration	First week of the assessment period
Stage Status	Complete
SHIELD Stage	S — Survey