IT Current-State Assessment

The IT Current-State Assessment is a practical, vendor-neutral review of your wider technology environment, risks, dependencies and improvement priorities. It is not limited to a single platform or supplier.

IT analyst reviewing security posture across multiple monitors

Who this is for

The IT Current-State Assessment is a practical, vendor-neutral review of your wider technology environment, risks, dependencies and improvement priorities. It is not limited to a single platform or supplier.
It is also useful before changing provider, formalising a managed support package, preparing for growth, supporting a small internal IT team or planning improvements after a period of fast change.

Typical pain points

  • Leaders do not have a clear view of current IT risk.
  • Microsoft 365 settings and permissions have grown without review.
  • Devices are not consistently managed or documented.
  • Security controls are partly in place but not joined up.
  • Backup and recovery expectations are assumed rather than evidenced.
  • Support processes depend too much on informal knowledge.
  • Budget discussions are difficult because priorities are unclear.

What is included

The assessment focuses on practical operational evidence. Scope can vary, but commonly includes:

  • Support model and request handling review.
  • Microsoft 365 tenant overview, including users, groups, admin roles and common configuration areas.
  • Identity, access and multi-factor authentication posture.
  • Device inventory, endpoint standards and management approach.
  • Security baseline review across email, accounts, devices and user behaviour.
  • Backup and recovery assumptions for core systems and data.
  • Onboarding, leaver and access change process review.
  • Priority action plan with practical sequencing.

Findings may point towards Managed IT Support, Endpoint and Device Management, Cybersecurity Essentials or Backup and Business Continuity, depending on what is discovered.

What is not included

This service is not a formal certification audit, penetration test, forensic investigation or legal compliance opinion. It does not guarantee that every technical issue will be found. It is a practical operational assessment designed to help leaders understand current priorities and make better decisions.
Where deeper assurance is needed, OTUSYN can help define the requirement and support coordination with specialist providers.

Outcomes and measurable indicators

  • A clearer view of immediate IT risks and operational gaps.
  • A prioritised action list separated into quick wins, support changes and project work.
  • Better understanding of Microsoft 365 and endpoint management maturity.
  • Documented assumptions around backup, recovery and support ownership.
  • Improved basis for budgeting and service provider discussions.
  • Reduced uncertainty before selecting a managed support package.

Engagement model

The assessment starts with a scoping call to confirm organisation size, systems, locations, key concerns and access requirements. OTUSYN then gathers information through interviews, configuration review, documentation review and targeted checks. The process is designed to be proportionate for smaller organisations and useful for decision-makers.
The output is a plain English findings summary with recommended next steps. Actions are sequenced so leaders can see what should be handled now, what can be planned and what may need separate specialist input.

How findings are prioritised

A useful assessment does not hand over a long list of disconnected observations. OTUSYN separates findings by urgency, operational value and dependency. A missing leaver process may need attention before a wider permissions clean-up. Device visibility may need improving before endpoint compliance can be trusted. Backup assumptions may need clarification before business continuity planning becomes meaningful.
Recommendations are also separated by type. Some items are support process changes. Some are Microsoft 365 administration tasks. Some are security baseline improvements. Others are projects that need time, budget or supplier input. This makes the assessment easier to act on and helps leaders avoid treating every finding as equally urgent.
The final prioritisation should be realistic for the organisation. A small team may need fewer actions with clear ownership rather than a large programme that nobody has capacity to deliver.
The assessment can also identify decisions that need leadership input. Technical teams can recommend MFA changes, backup improvements or device standards, but leaders may need to approve user impact, cost, timing and acceptable risk. Bringing those decisions into the open is one of the main benefits of a current-state review.
OTUSYN can also use the assessment to separate known problems from suspected problems. A leader may feel that “security is weak” or “devices are unmanaged”, but the useful question is what evidence supports that concern. Checking the evidence helps avoid spending time on assumptions while missing a more immediate operational gap.
The output should therefore support decisions, not just describe technology. It should help the organisation decide what to fix, what to monitor, what to budget for and what can reasonably wait, with owners named where possible.

Frequently asked questions

Is this the same as an IT audit?

It is a practical current-state assessment, not a formal compliance audit. It is designed to identify operational gaps, risks and priorities that leaders can act on.

What do we receive at the end?

You receive a plain English summary of key findings, priority actions and recommended next steps. The exact format is agreed based on the scope.

Do we have to buy support afterwards?

No. The assessment can stand alone. If OTUSYN is a good fit for follow-on support or remediation, those options can be discussed separately.

Will the assessment interrupt users?

The work is planned to minimise disruption. Some interviews or information requests may be needed, but the approach is designed to be proportionate.

Get a practical baseline

If you need a clearer view of your IT environment before making decisions, book a readiness call. OTUSYN will confirm whether a current-state assessment is the right first step.
Book an assessment discussion

Scope clarity

Delivery is focused on practical improvements, clear ownership and measurable risk reduction.
Advanced specialist services and significant on-site engineering work are separately scoped and agreed where relevant.
Microsoft 365, Google Workspace and Microsoft Intune are used where appropriate as part of broader managed IT and consultancy support.

IT assessment workstation with cybersecurity analysis