Cairnpoint · In development

Risk assessments your MSP can run, brand, and deliver.

Security assessments win MSP business — but running one usually means a pile of scripts, a spreadsheet, and a weekend of report writing. Cairnpoint packages the whole engagement: scan, discover, score, and deliver a report your prospect's leadership will actually read.

How it works

From first call to signed roadmap

01

Send the link

Generate a private questionnaire link for the prospect. They answer plain-language discovery questions on their own time — no account, no software to install.

02

Run the scans

Kick off a passive external attack-surface scan and a read-only Microsoft 365 posture review from the console. Safe to run against a prospect — nothing intrusive, nothing to deploy.

03

Deliver the report

Cairnpoint scores everything against recognized frameworks and produces an executive-ready, white-label report — with a prioritized roadmap that becomes your statement of work.

Product tour

A look inside

Cairnpoint is pre-launch. These screenshots are from a development build, shown with fictional sample data.

Cairnpoint assessment console showing a pipeline of five prospect assessments at different stages, with scan grades and next-step actions
The assessment console — every prospect in one pipeline view, from first link to delivered report.
Assessment detail panel showing an external scan grade of B (82/100), Microsoft 365 Secure Score, and an auto-built 30/60/90 remediation roadmap
Assessment detail — external scan grade, Microsoft 365 posture, and a 30/60/90 roadmap built from the findings.
Prospect-facing security discovery questionnaire with plain-language questions and automatic progress saving
The prospect's view — a plain-language questionnaire completed from a private link, no account required.

What's inside

The full assessment, one platform

External attack-surface scan

Email authentication (SPF, DKIM, DMARC), TLS and certificate health, exposed services, breach exposure, and web security headers — gathered passively, so it is safe to run before you have any access at all.

Microsoft 365 posture review

A read-only look at the tenant identity and security configuration most small businesses run on, surfacing the gaps that matter before they become incidents.

Guided discovery questionnaire

Structured, plain-language questions mapped to CIS Controls v8.1 IG1 — built to work in a sales call or an onsite walkthrough, answered by people who are not IT professionals.

Framework-mapped findings

Findings score against CIS Controls v8.1 and NIST CSF, with compliance overlays for HIPAA, the FTC Safeguards Rule, Cyber Essentials, and CMMC — plus cyber-insurance readiness and critical-infrastructure reporting checks where they apply.

White-label reports

Polished DOCX and PDF output under your brand: an executive summary with visuals for the decision-maker, and per-finding detail with plain-language and technical remediation for your engineers.

Effort-vs-impact roadmap

Findings rank into a prioritized plan — quick wins first, projects after — so the report ends with a path forward instead of a wall of red.

Multi-tenant by design

Every MSP signs in with its own Microsoft Entra tenant. Your prospects, assessments, and reports are scoped to you — never pooled with anyone else’s.

No standing vendor access

Third West Labs holds no persistent access to your data. Support access exists only when you mint a short-lived code from your own console — time-boxed, permission-scoped by you, and audited.

Founding partners

Built with MSPs, for MSPs

Cairnpoint grew out of assessments run for real clients, and it's being developed alongside a founding cohort of MSP partners who shape the roadmap. If you'd like to run Cairnpoint in your own practice — and have a say in where it goes — get in touch.

Join the founding cohort

Named for the stone cairns that mark a route through open country: a good assessment should tell a client exactly where they stand — and which way to go next.