Free Download · XLSX · 7 sheets

SME Zero Trust Implementation Workbook

A 90-day implementation plan for SME organisations adopting Zero Trust principles without enterprise-scale budgets. Built around three pillars: identity, network segmentation, and device trust.

Download Workbook (XLSX) →

No email required. Free for organisational use under CC BY 4.0.

What's inside

1. Overview

Orientation, contents map, and usage instructions.

2. 90-Day Plan

16 implementation tasks across 13 weeks with owner, status, and cost tracking. Built-in formulas calculate completion percentage and budget totals.

3. Identity Checklist

18 controls covering MFA enforcement, Conditional Access, PIM, account hygiene, and service accounts.

4. Network Checklist

15 controls covering VLAN design, WireGuard VPN deployment, inter-VLAN ACLs, and segmentation testing.

5. Device Checklist

15 controls covering Intune enrolment, compliance policies, EDR baselining, and BYOD handling.

6. Cost Calculator

Customisable cost model — adjust headcount, unit costs, and licensing assumptions. One-time, annual, and per-user totals calculated automatically.

7. Risk Register

Sample risk register with seven implementation risks. Likelihood × Impact scoring with formula-driven priority calculation.

Why this workbook exists

Most Zero Trust guidance assumes enterprise budgets and enterprise team sizes. Real SME organisations operate with constrained budgets and shared responsibility — the same person handling identity, networking, and device management.

This workbook makes the foundational Zero Trust layer achievable for organisations of 10-100 people, targeting a total budget of £3,000 / ~$3,800 in one-time investment plus modest ongoing costs (Microsoft 365 Business Premium, a small SIEM, and an annual penetration test).

The companion article Designing Zero Trust Networks for SMEs explains the architectural reasoning behind each section.

Get implementation support

If you'd like Secureware to help implement, validate, or accelerate your Zero Trust programme, we offer scoped consulting and the foundational penetration test referenced in the 90-day plan.