S.E.T — Overview

S.E.T (Secure · Enforce · Train) is a multi-tenant security-posture & compliance (GRC) platform, delivered as two portals:

• Admin portal — sold to MSSPs (managed security service providers). The MSSP's analysts run compliance and security work for many client organizations at once. The portal is heavily AI-assisted — generators and analyzers do the heavy lifting (questionnaires, policies, standards-clause extraction, systems/BCP analysis, security-finding enrichment, risk mapping, reports), with the admin acting as reviewer/approver.
• Customer portal — used by the MSSP's clients. Mostly read-only; clients fill assigned questionnaires, upload documents, manage their vendors, and view everything the MSSP produced for them.

It's a B2B2B model: S.E.T → MSSP (admin users) → the MSSP's clients (customer-portal users).

What it covers

Compliance frameworks & standards, questionnaires, AI-generated policies, evidence/document analysis, security findings (pen-test / external-surface / code-review / assessment), risk management (NIST 800-53 mapping), business continuity planning (BIA, process cost, recovery), supply-chain / vendor risk, security-awareness training, remediation workplans, and formal multi-language reports.

Key context

• Compliance drivers: mixed customer base including Israeli regulated industries subject to Amendment 13 of the Israeli Privacy Protection Law (effective Aug 2025) and potential Nimbus Tender alignment — which shape the data-residency and auth decisions.
• Validated MVP: the product is a rebuild of a proven Base44 prototype (real customers, real data) onto an owned, enterprise-grade stack.

The following pages document the locked product and engineering decisions in full.