Every organisation uses cloud services. Email, CRM, HR tools, project management, file storage, messaging — the list grows every year. Each service holds data, some of it sensitive. People access these services from managed laptops, personal phones, shared workstations. Data flows between services through APIs, backups, exports, and integrations.

But if you ask most IT managers to draw a complete picture of this landscape — who accesses what, from which devices, where data flows, and what happens if something goes wrong — the answer is usually a mix of spreadsheets, tribal knowledge, and guesswork.

That's the problem Readmodel® is designed to address.

What Readmodel® does

Readmodel® is a web-based tool that helps you map your organisation's data landscape and understand your risk exposure. You document your services, the people who access them, the devices they use, the data items each service processes, and the transfers between services. The application then computes risk scores, checks backup compliance, assesses device security, and generates reports.

The core idea is simple: you can't protect what you can't see. Readmodel® gives you visibility.

Mapping

At its heart, Readmodel® maps four layers:

  • Services — the tools and platforms your organisation uses (200+ pre-configured templates available)
  • Users — the roles and people who access those services
  • Devices — the laptops, phones, and workstations used for access, with security posture assessment
  • Data items — the categories of data each service processes, with sensitivity classification

These layers are connected: users access services from devices, services process data items, and data transfers flow between services.

Risk insight

Once your data is mapped, Readmodel® computes a risk score for every service. The score considers data sensitivity, authentication controls, legal basis documentation, retention policies, backup coverage, and outgoing data transfers. Services are ranked in a risk register with specific action items — not vague advice, but concrete gaps like "2 items missing legal basis" or "no disk encryption on device accessing this service."

Backup and device security

Beyond data mapping, Readmodel® helps you assess whether your backup strategy actually meets recognised standards like 3-2-1 or 3-2-1-1-0. You define your backup policy, document backup transfers with media type, offsite, and immutability flags, and the system checks compliance automatically.

Similarly, the device security assessment documents groups of devices (not individual serial numbers — Readmodel® is not an MDM) and flags risks: BYOD devices accessing sensitive data without management, devices without disk encryption, missing remote wipe capability.

Vendor lock-in

Each service can be assessed for vendor lock-in risk. How easy is it to leave? Can you export your data in standard formats? What's the migration path? The template library comes pre-populated with lock-in assessments for 50+ common services, so you get a starting point without having to research each vendor yourself.

AI-powered analysis

For paid plans, an AI model analyses your complete data landscape and writes a professional report covering data flows, sensitivity assessment, device security cross-references, backup compliance, and specific recommendations. This report is generated from your actual data — not a generic template.

Compliance documentation

Because you've mapped everything, GDPR compliance documentation comes as a natural byproduct. Readmodel® generates a Record of Processing Activities (ROPA), tracks legal bases and retention periods per data item, documents Data Protection Impact Assessments (DPIAs), and exports everything in print-ready or machine-readable formats.

This is intentional: the primary goal is risk visibility, and compliance documentation follows from doing the mapping work well.

What Readmodel® is not

We want to be clear about what the tool does not do:

  • It is not a security enforcement tool. Readmodel® documents and assesses — it does not configure firewalls, manage devices, or block access.
  • It is not an MDM. Device security is assessed at the group/policy level, not per individual device.
  • It is not legal advice. While it supports GDPR documentation, it does not guarantee compliance. Consult a qualified professional for legal matters.
  • It does not replace formal risk assessments. The risk scores are indicative — designed to highlight areas that may need attention, not to serve as a certified risk assessment.

Early stage, active development

Readmodel® is under active development. We're adding features, refining the user experience, and expanding the template library regularly. Some things may change. We welcome feedback from early users — it directly shapes what we build next.

The application is currently available for EU businesses. If you're outside the EU and interested, you can join our waiting list on the registration page.

Getting started

You can create a free account and start mapping your data landscape immediately. The free plan includes one project with up to five services — enough to explore the tool and see if it fits your needs. No credit card required, no time limit.

If you have questions or feedback, get in touch. We'd like to hear from you.