Free and ungated

Checklists your team can use this week.

Everything here is public, no email gate. Use the checklists yourself; they are the same categories VXSec audits against. If the review turns up more unknowns than answers, that is what the fixed-fee audit is for.

Checklists and guides

Offboarding Gap Checklist

The full departure checklist: identity, email, files, SaaS, client access, automations, AI tools, and shared credentials.

Read the checklist

Google Workspace access checklist

Users, Super Admins, groups, shared drives, external sharing, file ownership, and third-party app grants.

Read the checklist

Microsoft 365 checklists

Offboarding, shared mailbox cleanup, and license waste, each as its own working checklist.

Offboarding · Shared mailboxes · License waste

Connected app and OAuth review

How to find, evaluate, and revoke third-party app access across Google Workspace and Microsoft 365.

Read the guide

How to choose an access audit provider

The questions to ask any provider, including VXSec, and the answers that should worry you.

Read the guide

Secure automation ownership

The ownership questions to ask about every Zapier, Make, and n8n workflow before it becomes an incident.

See the review method

How to use these

Each checklist is designed for a real working session: block an hour, open the relevant admin console, and work through it. Most teams find the first pass uncomfortable, which is normal. The point is to move access decisions out of memory and into a document.

If the pass produces a long list of "not sure" answers, the useful next step is a fixed-fee Systems and Access Cleanup: same categories, but with evidence pulled from your actual environment and a sequenced plan at the end.

Rather have it done for you?

The fixed-fee cleanup covers every category on this page against your real environment, with findings you approve before anything changes.

Book a 15-minute scope check