What Happens After You Sign Up for BlackSheep? Your First Week, Day by Day

Day 1: Domain Scan & Baseline

You sign up and enter your firm's domain. BlackSheep runs an automated security scan against your public infrastructure — SSL certificates, DMARC and SPF records, email security headers, server exposure, open ports. No software to install. No IT department required.

Within five minutes, you get your compliance score. Every gap is listed with a plain-language explanation of what it means, why it matters, and how to fix it. This is your baseline — the starting point that everything else builds on.

Most firms find three to five issues they did not know existed. That is normal. That is why you are here.

Day 2: Policy Generation

BlackSheep generates your Written Information Security Program — your WISP. This is not a generic template you download and hope for the best. The platform tailors the document to your firm: your state's regulatory requirements, your AUM tier, the compliance frameworks that apply to you.

You review the generated policy. You customize anything that does not match how your firm actually operates. When you are done, you have a written policy that an SEC examiner can read and understand — because it describes your firm, not a hypothetical one.

Day 3: Incident Response Plan

Your incident response plan gets built with your specific procedures baked in. Who to call when something goes wrong. Notification timelines that match Reg S-P requirements. Containment steps for different types of incidents. Client communication templates so you are not drafting emails under pressure during an actual breach.

Reg S-P requires a written incident response program. Not "we'll figure it out when it happens." A documented plan with assigned roles and defined procedures. Day 3 gets you there.

Day 4: Risk Assessment

BlackSheep walks you through a guided risk assessment. You document threats, vulnerabilities, your current controls, and your remediation priorities. The platform asks the questions. You provide the answers. It builds the written document.

This is the document SEC examiners ask for during an exam. They want to see that you identified the risks specific to your firm, evaluated their likelihood and impact, and have a plan to address them. A completed risk assessment in BlackSheep gives you exactly that — with timestamps and version history so there is no question about when it was done.

Day 5: Vendor Oversight & Evidence Collection

You set up vendor tracking. BlackSheep helps you catalog your third-party providers — your custodian, your CRM, your email platform, your cloud storage — and track whether they have 72-hour breach notification clauses in their agreements.

Evidence collection begins automatically. Scan results, policy versions, completion timestamps, risk assessment history — all of it gets stored and organized. Your audit trail starts building itself from day one. When an examiner asks "show me your documentation," you open BlackSheep and show them.

Days 6-7: Review & Close the Gaps

You review everything from the week. Your compliance dashboard shows you where you stand across every requirement. Green means done. Yellow means in progress. Red means it needs attention.

Close the remaining gaps. By the end of the weekend, your dashboard shows green across the board. You have a WISP, an incident response plan, a completed risk assessment, vendor oversight documentation, and an evidence trail that proves all of it. You are exam-ready.

That's it

One week. $249/mo. No consultant. No six-month timeline. No binder full of templates that do not apply to your firm.

You do not need to be technical. You do not need to hire anyone. You need a domain name and about 30 minutes a day for a week.