LEET Security Assessment

LEET Security Assessment is a cybersecurity rating service that evaluates an organization's security program through documentary evidence review. The service occupies a position between self-assessment and full qualification, providing verification without the rigor of a complete audit. The assessment is based on LEET Security's control framework, which consists of 14 domains and 5 rating levels. Organizations begin by completing a self-assessment using the E-Qualify tool, where they answer questions corresponding to their selected target level and identify supporting evidence. The assessment process involves documentary evaluation of three key areas: policies (high-level descriptions of organizational protection and incident management), standards or guides (implementation instructions for policies), and procedures (process execution descriptions aligned with regulations). Auditors evaluate the design of controls and security measures based on this documentation, similar to Type I reports under ISAE 3402/SSAE 16 methodology. The assessment does not verify operational effectiveness of controls, though it includes verification that sample processes are executed according to established procedures. Organizations must ensure all submitted documentation is formally approved and communicated within the organization. Results are granted for three dimensions: Confidentiality, Integrity, and Availability. The assessment is valid for 12 months. Organizations can use the results report to demonstrate their security level to clients, providing a higher level of trust than self-assessment without the full guarantee of complete audit and supervision.