100-day cyber plan

A 100-day cyber plan ranked by EBITDA impact — with owner, evidence-to-close, and proof of completion built in.

Valty turns post-acquisition diligence evidence into a 100-day action queue ranked by financial materiality. Operating partners get the actions that change exposure most, the owner for each one, and a proof standard that closes on evidence — not assertions.

Request portfolio briefing
Design partnerPublic / indexed
100 daysPlanning horizon

Actions ranked by EBITDA impact so the most valuable security improvements land within the first operating quarter post-close.

ROI-rankedPriority method

Each action shows expected EBITDA delta, evidence required to prove closure, owner, and dependency — ranked by value, not by severity score.

ProofClosure standard

Actions are not marked closed until source evidence supports the claim. The 100-day review delivers closure proof, not status assertions.

Operating partner question

Which cyber actions change EBITDA exposure most in the first 100 days, and who owns each one?

The 100-day cyber plan is a value operations decision, not a compliance checklist. Operating partners need a ranked action list tied to the exposure estimate — with owner, dependency, and evidence required to prove closure.

CISO question

What does "done" look like for each action, and how do we prove it to the board?

Closure requires source-linked evidence — a finding resolved in the scanner, a control verified in the identity provider, a backup test recorded in the backup system. Assertions are not proof.

100-day review standard

At the 100-day review, what can we show the LP or board with confidence?

The 100-day review deliverable needs closed actions backed by evidence, open actions with current status and revised timeline, and a remaining exposure estimate that reflects what was actually completed — not what was planned.

Portfolio command — 100-day view

Actions ranked by value. Proof tracked by source evidence. Board-ready at day 100.

The 100-day cyber plan is built from the exposure estimate produced at deal close. Portfolio command ranks the actions that move the exposure estimate most, assigns owner and deadline, tracks evidence as actions are completed, and produces the day-100 review package from the same evidence model — so the board sees actual closure, not a retrospective status summary.

  • Top-10 actions by EBITDA delta — the 100-day prioritized plan
  • Owner and deadline per action with evidence-to-close defined upfront
  • Real-time closure tracking: open, in progress, evidence-verified closed
  • Dependency view: actions blocked on budget, vendor, or upstream control
  • Day-100 review pack: closed evidence, open status, updated exposure estimate

Action priority and EBITDA delta estimates are decision-support models bounded by available diligence evidence. Actual exposure reduction depends on quality of remediation execution and post-close source evidence coverage. All figures are labeled as estimates with method and confidence visible.

Portfolio CommandCross-company action queue ranked by EBITDA impact, proof status, and owner — the 100-day plan center of gravity.
Ingest

Diligence artifact ingestion at close

Diligence evidence enters the exposure model at deal close

Available artifacts from the diligence process — assessments, questionnaires, posture reports, pen test findings — are normalized into evidence objects. The first exposure estimate is produced from what exists, not what was planned.

Rank

Action queue ranked by value impact

Actions are ordered by EBITDA delta, not scanner severity

The 100-day action queue shows each remediation item with its expected exposure reduction, the source coverage required to prove closure, owner, deadline, and dependency. The top-10 actions by EBITDA delta are the 100-day plan.

Track

Portfolio command, hold-period tracker

Portfolio command tracks proof status in real time

As actions are completed, evidence objects update from the source system. Portfolio command shows which actions are closed with evidence, which are in progress, and which are blocked on owner or dependency.

Review

Board-ready 100-day review pack

The 100-day review is a proof pack, not a status deck

At day 100, the operating partner delivers a board-ready proof pack: closed actions with source evidence, open actions with revised timeline, and an updated exposure estimate that reflects completed remediation.

Post-close stages

Three stages. One evidence model. Proof at each transition.

The 100-day plan connects deal-close diligence to the first board review — using the same evidence model so claims do not have to be rebuilt at each stage.

Day 0–10: Close and ingest

What is the actual cyber exposure we are taking on?

Ingest diligence artifacts, produce bounded EBITDA exposure estimate, identify top-10 actions by financial materiality, assign owners.

  • EBITDA bridge from available evidence
  • Action queue with owner and evidence-to-close
  • Assumption gap list for post-close tightening

Day 10–90: Execute and track

Which actions are closed, which are blocked, and is the exposure moving?

Source connectors update evidence objects as actions are completed. Portfolio command shows real-time status — closed with evidence, in progress, blocked on dependency.

  • Portfolio command action tracker
  • Evidence-verified closure status
  • Updated exposure estimate on source change

Day 90–100: Board review pack

What can we show the LP and board as evidence-backed closure?

The day-100 review pack exports closed actions with source evidence, open actions with revised timelines, and an updated exposure estimate that reflects completed remediation.

  • Board-ready day-100 proof pack
  • Closure evidence per action
  • Remaining exposure estimate with updated assumptions

Proof matrix

100-day cyber plan claims and their evidence requirements

Each claim in the 100-day plan or board review requires source evidence, owner attestation, and freshness. Valty distinguishes between evidence-verified closure and status assertions.

ClaimSourceConfidenceFreshness
Initial exposure estimate (Day 0)FAIR-inspired model from diligence artifacts at deal closeDecision-support — bounded by diligence evidence scopePoint-in-time at close; recalculated as source connectors activate
Action priority rank (top-10 by EBITDA delta)Exposure model: finding severity × business scale × control coverage gapModel-based — re-ranked on evidence or exposure changeUpdated when evidence objects change or new sources connect
Evidence-verified action closureSource system artifact confirming remediation: scanner, IdP, EDR, backupSource-verified — not owner assertionClosure timestamp from source system at verification
Updated exposure estimate (Day 100)Revised EBITDA bridge reflecting completed actions and current evidenceDecision-support — updated assumptions loggedRecalculated on action closure and source evidence refresh
Blocked closure claim (no evidence)Action marked complete by owner but no source evidence of remediationNot publishable — appears in day-100 blocked ledgerSource evidence required before closure claim is accepted

Start the 100-day plan from available diligence evidence — not from a blank spreadsheet.

Valty ingests deal-close artifacts and returns a ranked action list tied to the exposure estimate. Portfolio command tracks closure by source evidence through the hold period so the day-100 board review delivers proof, not status.

Request portfolio briefingView PE operating partner solution

Valty is in design-partner and early-access stage. All financial figures are illustrative decision-support estimates with method, confidence, and limitation stated adjacent to the claim. No fabricated customers, no published pricing.