Free Download · XLSX · 7 sheets
SME Zero Trust Implementation Workbook
A 90-day implementation plan for SME organisations adopting Zero Trust principles without enterprise-scale budgets. Built around three pillars: identity, network segmentation, and device trust.
No email required. Free for organisational use under CC BY 4.0.
What's inside
1. Overview
Orientation, contents map, and usage instructions.
2. 90-Day Plan
16 implementation tasks across 13 weeks with owner, status, and cost tracking. Built-in formulas calculate completion percentage and budget totals.
3. Identity Checklist
18 controls covering MFA enforcement, Conditional Access, PIM, account hygiene, and service accounts.
4. Network Checklist
15 controls covering VLAN design, WireGuard VPN deployment, inter-VLAN ACLs, and segmentation testing.
5. Device Checklist
15 controls covering Intune enrolment, compliance policies, EDR baselining, and BYOD handling.
6. Cost Calculator
Customisable cost model — adjust headcount, unit costs, and licensing assumptions. One-time, annual, and per-user totals calculated automatically.
7. Risk Register
Sample risk register with seven implementation risks. Likelihood × Impact scoring with formula-driven priority calculation.
Why this workbook exists
Most Zero Trust guidance assumes enterprise budgets and enterprise team sizes. Real SME organisations operate with constrained budgets and shared responsibility — the same person handling identity, networking, and device management.
This workbook makes the foundational Zero Trust layer achievable for organisations of 10-100 people, targeting a total budget of £3,000 / ~$3,800 in one-time investment plus modest ongoing costs (Microsoft 365 Business Premium, a small SIEM, and an annual penetration test).
The companion article Designing Zero Trust Networks for SMEs explains the architectural reasoning behind each section.
Get implementation support
If you'd like Secureware to help implement, validate, or accelerate your Zero Trust programme, we offer scoped consulting and the foundational penetration test referenced in the 90-day plan.