Fit4Cybersecurity is a service that includes multiple self-assessment tools. Its main goal is to allow users to quickly assess their information security maturity in different areas that NC3 considers critical. Using all these self-assessment tools is anonymous and for free.


Fit4Cybersecurity is a quick online self-assessment tool helping business owners evaluate their security maturity and enhance their cyber risk protection. This is the first step of a more thorough assessment, that we call a Diagnostic NC3. The latter dives deeper into the organisation’s context, its state of practice and the existing documentation in terms of cybersecurity risk management, with the goal to address gaps with respect to baseline practices. A NC3 Diagnostic could be performed for free by one of our Cybersecurity experts, on the condition that the score obtained in the Fit4Cybersecurity self-evaluation is at least of 65/100 and the organisation is located in Luxembourg.

Complementing Fit4Cybersecurity, Fit4Contract is a similar tool whose aim is to help business owners ensure that contracts (already signed but especially those about to be signed with third parties) for the procurement of ICT services cover the essential information security aspects. The raison d’être of Fit4Contract is that a lot of small non-ICT organisations are often insufficiently prepared to negotiate contract clauses with ICT service providers. And finally, Fit4Privacy is a third tool in the self-assessment bundle, with the purpose to give business owners a good initial overview of their maturity in privacy and data protection, as required by the GDPR since May 2018.


Fit4cybersecurity is the first quick assessment of your organisation’s approach regarding cybersecurity risks. It can be a simple way to be aware of applicable good practices in information security risks or cybersecurity.

Fit4Contract helps you and your organisation identify if the minimum required clauses concerning Information Security are present in your contracts with your ICT Service providers.

Fit4Privacy gives a good initial impression on how your organisation is handling privacy and data protection, so you have an idea what to look for when reviewing your organisation’s data protection and privacy standing.

After each of these self-assessments, you can download a report in Word format (.docx), get your results from an ID or by using the link provided during the final result page. In this way, you can 1) show and discuss the report with other members of your organisation, and 2) compare your current score with another one in the past using the same tool.


The results of this self-assessment cannot -in any way- be exhaustive. As such, the actual risk assessment or the list of identified risks and vulnerabilities are based on the information provided by the user. The analysis resulting from this assessment can engage only the user for any omission or error that would be due to third parties or not.

The 3 tools Fit4cybersecurity, Fit4Contract or Fit4Privacy can provide recommendations. The user understands that the recommendations are neither exclusive nor exhaustive.

It should also be noted that the information you have provided to us will be recorded for statistical reasons. Due to the nature of the data, we cannot identify you, unless you contact us afterwards to perform a NC3 Diagnostic.