Diagnostic Engagement

AI Infrastructure Readiness Assessment.

Before you roll out AI tools at scale, find out what your infrastructure can actually support — and what needs to be addressed first.

2–3 weeks

typical engagement duration
6 domains

identity, data, network, cloud, security, cost
$4,500–$7,000

fixed, by environment scope

Why this matters.

Most AI tool rollouts happen top-down. Leadership picks a tool, announces the decision, and the IT lead inherits the implementation work. What rarely happens first: a structured look at whether the infrastructure underneath is actually ready to support AI adoption safely. Unclassified sensitive data in shared drives the AI tool will now index. API credentials stored in ways that weren't designed for AI-level access patterns. Cloud environments with no cost baseline that spike without warning when AI usage scales. The result is exposure nobody modeled before the rollout — and an IT lead who gets called in after something goes wrong rather than before. This assessment is for organizations that want to get ahead of it.

What we do.

A structured assessment across six infrastructure domains, working from your existing documentation, environment inventory, and stakeholder interviews — no agent deployment, no vulnerability scanning, no penetration testing. We work from read-only cloud account access and direct conversation with your IT lead, not from intrusive tooling. Each domain produces a scored readiness rating (Ready / Needs Attention / Blocking), a findings narrative, and sequenced recommendations. The Integration Map documents which of your existing systems are realistic AI integration candidates, what the data flow picture looks like, and where connectivity blockers exist. The delivery walkthrough covers all findings, the remediation roadmap, and a clear view of what's required before rollout, what can run in parallel, and what can wait.

1. Identity & Access Foundation — MFA enforcement, Conditional Access posture, service account hygiene, API credential management. AI tools often get API-level access to systems; are the identity controls in place to govern that safely?

2. Data Foundation & Governance — Sensitive data classification, where data lives, which systems AI tools can reach, and whether your data governance posture can extend to AI use cases without new exposure.

3. Network & Endpoint Controls — DLP policy posture, CASB or browser management capability, managed-device reach. What's the realistic surface area for unsanctioned AI tool access from company endpoints?

4. Cloud Connectivity & Integration — Which existing systems could connect to AI tools, available and documented APIs, realistic data flows, and any network or firewall constraints that would block intended integrations.

5. AI-Specific Security Posture — Audit logging of AI interactions, API key management, vendor security review of AI tools in use, and model output handling. Security risks specific to AI adoption that go beyond the general security baseline.

6. Cost Visibility & Observability — Current cloud spend baseline, anomaly detection, and budget alerting. AI tool adoption at scale drives unexpected cost spikes; does the environment have the visibility to catch and respond?

What you walk away with.

A scored AI Infrastructure Readiness Report across all six domains — rated and prioritized, not a generic assessment template. A remediation roadmap sequenced by effort and impact, with a clear pre-rollout-required tier distinct from can-wait items. An Integration Map of your AI-eligible systems. A 60-minute delivery walkthrough with your IT lead and leadership. And 30 days of email access for follow-up questions after delivery — because findings always surface questions after the session.

What's in scope.

Stakeholder interviews with IT lead and relevant technical contacts. Documentation review (existing environment diagrams, cloud account structure, SaaS inventory, identity configuration). Read-only cloud account access for billing and configuration review. Assessment across six domains with scored readiness ratings (Ready / Needs Attention / Blocking) and findings narrative for each. Prioritized remediation roadmap (effort × impact, pre-rollout-required vs. can-wait distinction). Integration Map — AI integration-eligible systems, data flows, connectivity blockers. 60-minute delivery walkthrough session (IT lead and leadership). 30 days of follow-up email access after delivery.

What's out of scope.

Implementation of any remediation item — separate engagement scoped and priced against findings. Formal compliance audits or certifications (HIPAA, SOC 2, CMMC) — different deliverable, different credentialing requirements. Penetration testing or vulnerability scanning — refer out. Microsoft 365 Copilot-specific tenant assessment — that's the Copilot Readiness SKU. Ongoing advisory after delivery — that's the AI Advisory Retainer. AI tool procurement, vendor negotiation, or licensing work.

This is the right engagement when…

Your organization is actively rolling out AI tools (Copilot, Claude for Work, ChatGPT Enterprise, or similar) or about to — and leadership wants to know what the infrastructure can actually support before the rollout, not after.
Your IT lead knows "we need to be ready for AI" but hasn't done a structured assessment of what that means for your specific environment.
You're working with regulated or sensitive data (healthcare-adjacent, financial, legal, government contractors) and adopting AI under pressure without having audited the infrastructure layer first.
You completed an AI Governance & Policy Package and the governance work surfaced infrastructure questions that need a dedicated technical answer.
A board, a compliance team, or a major client is asking whether your infrastructure is ready to support AI tool adoption safely — and you need a written answer.

What you receive across the engagement.

AI Infrastructure Readiness Report Scored assessment across all six domains, typically 12–18 pages. Readiness rating per domain (Ready / Needs Attention / Blocking), findings narrative, and overall readiness summary. Formatted for both IT lead and leadership audiences.
Prioritized Remediation Roadmap Sequenced recommendations with effort × impact. Pre-rollout-required items separated from can-run-in-parallel and can-wait items. Named first actions with effort estimates so the IT lead can sequence implementation immediately.
Integration Map One-pager documenting AI integration-eligible systems identified during assessment, data flows, and any connectivity blockers found. Starting point for integration planning and vendor conversations.
60-minute delivery walkthrough Live session with IT lead and leadership covering all findings and recommendations. Recording is yours.
30-day email Q&A Follow-up access after delivery for clarification questions on findings, remediation guidance, or vendor evaluation questions that surface after the session.

Here's the kind of issue this assessment surfaces before rollout — not a redacted excerpt from a delivered engagement.

Identity assessment surfaces that the service account credentials used for a SharePoint integration are stored in a shared document in the same SharePoint environment the AI tool will be indexing. Data foundation assessment finds three department shared drives with no sensitivity classification — one contains HR records from a prior year that were never moved after a folder reorganization. Both are Blocking-tier findings: they need to be resolved before a Copilot or similar AI rollout, not during it. The remediation roadmap assigns both items a two-day effort estimate and sequences them as the first two actions — the rest of the roadmap is contingent on both being cleared. Client goes into the rollout with a clean identity posture and a classified SharePoint environment instead of a post-incident conversation about what the AI tool accessed.

— Illustrative finding · the kind of issue an AI Infrastructure Readiness Assessment is built to surface before rollout

How we're different.

Infrastructure-layer depth. The assessment covers cloud connectivity, API integration architecture, and AI-specific cost observability — not just security posture and data governance. Corey's background is Linux, Azure, hybrid cloud, IaC. That depth is what distinguishes this from a governance consultant who's never sat in a cloud console.
Vendor-neutral. Not selling a specific AI tool, not tied to Microsoft or any platform. Findings are honest regardless of which tools the client has already committed to.
Pre-rollout, not post-incident. The point is to assess before the rollout — not to recover from the consequences of skipping the assessment.
No intrusive tooling. The assessment works from interviews, documentation review, and read-only cloud account access — no agent deployment, no vulnerability scanner, no endpoint monitoring. Useful when speed or organizational sensitivity makes intrusive tooling impractical.

Want to know what your infrastructure can actually support before you commit to a rollout?

Schedule a free discovery call

Indiana · U.S. remote