Frequently Asked Questions

IdentityHealthCheck is our comprehensive enterprise identity security platform that combines AI-powered analysis with automated compliance checking. It assesses your identity infrastructure across multiple frameworks including SOC 2, ISO 27001, GDPR, FedRAMP, and others, providing actionable insights and remediation recommendations.

We support all major enterprise identity platforms including:

• Microsoft: Active Directory, Azure AD, Entra ID
• Cloud Providers: Microsoft, AWS , Google , Oracle , IBM
• Identity Platforms: Okta, Ping Identity, Auth0, OneLogin
• HRIS Systems: Workday, SAP HCM, Oracle HCM, ADP
• PAM Solutions: CyberArk, BeyondTrust, Thycotic

Our platform uses two specialized AI engines:

• Cognitia: Threat intelligence and security analysis AI trained on millions of security events
• Fidara: Identity-specific AI that understands attack patterns, user behavior, and compliance requirements

These AIs work together to provide contextual security recommendations and automated threat detection.

IdentityHealthCheck is designed for hybrid environments and can be deployed in multiple ways:

• Cloud SaaS: Fully managed cloud deployment
• On-Premises: Complete local deployment for air-gapped environments
• Hybrid: Distributed architecture with cloud orchestration and local agents

We support comprehensive compliance automation for:

• US Frameworks: SOC 2, FedRAMP, NIST Cybersecurity Framework, CIS Controls
• European: GDPR, NIS2 Directive, eIDAS, PSD2
• International: ISO 27001, ISO 42001 (AI), STAR AI (CSA)
• UK: UK GDPR, NCSC Cyber Essentials, PSR, FCA SYSC
• Industry-Specific: HIPAA, PCI DSS, SOX, MiFID II

SOC 2 Type II certification is currently in progress for IdentityFirst Ltd. We are working towards achieving the highest level of SOC 2 compliance, which will demonstrate that our systems and processes meet stringent security, availability, and confidentiality standards.

We are registered with the UK's Information Commissioner's Office (ICO) under registration number ZC031428. Our platform is designed with privacy by design principles and includes:

• Data minimization and purpose limitation
• End-to-end encryption for all data in transit and at rest
• Comprehensive audit logging and access controls
• Automated data retention and deletion policies
• Privacy impact assessments for all new features

Our security measures include:

• Encryption: AES-256 encryption for all data
• Access Control: Role-based access with multi-factor authentication
• Network Security: Zero-trust architecture with micro-segmentation
• Monitoring: 24/7 security monitoring and automated threat response
• Compliance: Regular security audits and penetration testing
• Backup: Encrypted backups with geo-redundancy

We offer comprehensive identity security services:

• Security Assessment: Comprehensive identity infrastructure evaluation
• Compliance Automation: Automated compliance checking and reporting
• Implementation Services: Platform deployment and integration
• Training & Consulting: Security awareness and technical training
• Incident Response: Emergency security incident handling

No, but we do offer a comprehensive 30-day guarantee that includes:

• Full platform access for 30 days
• Complete security assessment of your environment
• AI-powered threat analysis and recommendations
• Compliance gap analysis
• Technical support during that period
• Money-Back guarantee if not satisied

We provide multiple levels of support:

• 24/7 Technical Support: Round-the-clock assistance for critical issues
• 8/7 Technical Support:For standard business hours support
• Dedicated CSM: Customer Success Manager for enterprise accounts
• Technical Documentation: Comprehensive guides and API documentation
• Training Programs: Security awareness and technical training
• Professional Services: Implementation, integration, and consulting
• Community Access: User forums and knowledge base

Absolutely. We work collaboratively with your existing security teams and complement your current security posture. Our platform integrates with most existing security tools and we provide training and knowledge transfer to ensure your team can effectively use and maintain the solution.

We also offer "Security Team Enablement" programs where we train your staff on advanced identity security concepts and help them become self-sufficient in managing the platform.

Our pricing is based on your organization's size and requirements:

• Registered Charity Editions: First 100 charities: completely free. After that: 30% off all paid tiers
• Starter: Up to 500 users (Approx 2000 Identities)- £250/month or £3000 annually
• Professional: Up to 1,000 users (Approx 5000 Identities)- £500/month or £5000 annually
• Enterprise: Up to 2,500 users (Approx 15000 Identities)- £1000/month or £10000 annually
• Enterprise Plus: Up to 5,000 users (Approx 50000 Identities)- £2,500.00/month or £20000 annually

All plans include full platform access, unlimited assessments, 8/5 standard support, and professional services credits.

Yes! We have a special "Charities First" program that provides significant discounts for registered charities:

• Up to 100% discount on standard pricing for the first 100 charities selected
• Up to 30% discount on standard pricing
• Free implementation and training
• Priority support and feature requests

We have designed IdentityHealthCheck to be installed by the customer if they require to do so. However for IdentityFirst to implement the platfrm, then Implementation costs vary based on your environment complexity:

• Basic Setup: £5,000 - £15,000 (included in Enterprise plans)
• Advanced Integration: £15,000 - £50,000 (custom integrations, migrations)
• Full Transformation: £50,000+ (complete identity infrastructure overhaul)

Most implementations are completed within 1-6 weeks, and we provide comprehensive documentation and training to ensure your team can maintain the solution long-term.

1. Standard Virtual Pilot (SME)
   £249 – £399
   Duration: 60–90 minutes
   Includes:
   • Live walk-through of the platform
   • Explanation of all modules and checks
   • Example findings and risk scoring
   • Q&A
   • No environment-specific analysis
   This keeps it affordable for the 50 –1000 user companies.
2. Full Virtual Pilot + Environment Walkthrough (Light Assessment)
   £750 – £1,250
   Duration: 2 hours
   Includes:
   • Everything from Standard
   • Review of the customer's environment based on discovery
   • Explaining potential findings
   • Showing the blast-radius calculator in context
   • Compliance tie-ins (NIST, ISO, GDPR, etc.)
   • Follow-up pack (PDF summary, recommendations, upgrade pathways)
   This is essentially a mini-consulting engagement without doing a full scan.
3. Full Virtual Proof-of-Value (POV)
   £1,500 – £2,500
   Duration: 3–4 hours across 1–2 sessions
   Includes:
   • Pre-engagement scoping
   • Walkthrough + technical deep dive
   • Mapping to their IAM/SSO/IGA/HRIS/TDR landscape
   • Cost avoidance, risk reduction and ROI considerations
   • Licence/integration recommendations
   • Recorded copy of the session
   • Priority support during the POV
   • Discount if they purchase IdentityHealthCheck within 30 days

Optional Add-ons

These are easy money and no one argues with them:

• Discount incentive
  If they buy IHC within 14 days, apply the pilot fee as credit toward their licence.