Most frameworks assume an enterprise budget, an army of analysts, and months of theoretical consulting. A.C.T.U.A.L. is the opposite: practical, control-first, plug-and-play tools for SMBs, scaling startups, and mid-market teams — spanning IT, security, compliance, AI, and governance. The basic, self-directed version is free. No dense whitepapers. No consulting upsell. Just operational clarity.
Every framework is built on the same operational lifecycle — learn to navigate one, and you can navigate them all.
Every framework deploys completely on its own — need only A.C.T.U.A.L. IT? Run it standalone.
But the whole ecosystem shares one backend, so your data flows forward. Map your assets once in A.C.T.U.A.L. IT and your security posture, compliance readiness, and AI data constraints populate across the other frameworks automatically. You never answer the same question twice.
There are no rigid phases — start where it hurts most. Most SMBs begin with A.C.T.U.A.L. IT (know what you have) and A.C.T.U.A.L. Secure SMB (lock down the basics). Regulated or fast-growing teams often start with A.C.T.U.A.L. Startup or A.C.T.U.A.L. GRC; AI-curious teams with A.C.T.U.A.L. AI. Because the data interlocks, you can add the rest in any order.
RECOMMENDED STARTING POINTS · A.C.T.U.A.L. IT → A.C.T.U.A.L. SECURE SMB → THEN WHAT YOU NEED
Your business-technology operating manual (CIO-in-a-Box). Map hardware assets, cut cloud/SaaS sprawl, and stabilize identity. Audit your MSP and surface Shadow IT spend.
A lightweight, non-enterprise read of CIS Controls and NIST CSF. Enforce MFA, access boundaries, and device protection — with practical hardening guides and gap validation.
Compliance reframed as a sales engine. Pick a track — FinTech/PCI-DSS, MedTech/HIPAA, or SaaS/SOC 2 — and clear the audits blocking enterprise revenue.
Rapid cyber and technical due diligence for small and mid-market acquisitions. Surface hidden tech debt, data liabilities, and vulnerabilities before you sign.
A control-first journey for safe corporate AI — deploy LLMs and internal workloads and select enterprise-grade tools without leaking IP.
Stop leaks through AI and modern web tools. Block staff from pushing PII, source code, or financials into unauthorized networks.
A plug-and-play containment playbook. When ransomware or data theft hits, everyone knows their role — isolation steps, notification timelines, comms runbooks.
Prove underwriter compliance and secure the lowest premium. Run it 60 days before renewal to pass the questionnaire on the first attempt.
A streamlined, non-bureaucratic risk ledger and compliance engine — centralize regulatory mapping, policy reviews, and vendor risk, and replace expensive tooling.
The operating-system process — the operational heartbeat: a steady rhythm for patching, access auditing, policy validation, and vendor tracking.
The ELI5 executive suite. Translate infrastructure debt and risk into fiduciary clarity — a "Tech vs. Revenue" dashboard, a 1-page panic playbook, and 3-slide updates.
The framework itself is free and self-directed. When you'd rather not go it alone, the professional tier brings QUONtech alongside you.
The A.C.T.U.A.L. framework in its basic form, free. Create an account, work the modules at your own pace, use the checklists and templates, and track your own maturity. Add modules in any order — your data carries forward.
↳ Full self-directed library · checklists & templates · self-tracked maturity
FREE — registration opening soon
Done with you. QUONtech adds guided onboarding, expert review of your gaps, tailored controls, and board-ready reporting — delivered through our retainers, so security, IT, and AI stay coordinated.
↳ Everything in Self-Directed, plus hands-on expert support, tailored controls & reporting
FEE-BASED — onboarding from $4,500, or included inside a Fractional retainer
The self-directed framework is free — registration opens soon. Want the supported version now? Book a call and we'll get you set up.