For organizations

Security posture services for businesses & institutions

CDPA offers a small, focused set of services for organizations that want to understand, improve, and demonstrate their digital security posture—especially when people’s livelihoods are on the line.

We are a nonprofit, not a vendor. Our role is to independently evaluate risk, communicate it clearly, and help organizations protect the people they serve. Our services are designed to be practical, affordable, and focused on real-world impact. All proceeds go directly toward supporting CDPA's mission of improving digital safety for communities.

1. Security Posture Assessment

Core service • Required for accreditation

A structured evaluation of your organization’s digital security posture, combining elements of penetration testing, configuration review, and policy assessment.

  • Risk-based scoping tied to your real-world impact
  • Technical testing + process and policy review
  • Clear, prioritized remediation roadmap
  • Executive-level and technical reporting

2. CDPA Security Posture Accreditation

Accreditation • Rating: e.g., C to A+

For organizations that complete our assessment, we offer an independent accreditation program with a transparent rating scale and public-facing listing.

  • Objective, criteria-based rating (e.g., B+)
  • Public directory listing of accredited organizations
  • Accreditation valid for a defined term (e.g., 2 years)
  • Use of CDPA digital safety badge in communications

3. Improvement & Readiness Advisory

Optional • Follow-on support

Short, focused advisory engagements to help your team act on the assessment results and prepare for re-assessment or accreditation upgrades.

  • Prioritization workshops with leadership & IT
  • Implementation check-ins on key security controls
  • Tabletop exercises focused on your highest-impact risks
  • Readiness review before re-assessments

Who should consider CDPA services?

  • Banks, credit unions, and financial institutions serving local communities
  • Hospitals, clinics, and healthcare providers
  • Schools, colleges, and educational nonprofits
  • Community-serving organizations processing sensitive data

Important note

Not every organization we assess will receive accreditation. Accreditation is a separate decision based on your demonstrated security posture and minimum rating threshold.