Platform
Annual Tabletop is an AI exercise director (Atlas), a framework-aligned scenario library, an HSEEP-conformant AAR generator, and a multi-tenant delivery layer for partners — in one product, not four.
Four capabilities
Capability 01
Atlas presents injects, keeps the clock, captures each decision as it\u2019s made, and adapts the next inject based on what your team actually did. It stays inside HSEEP guardrails — no \u201Ccreative\u201D drift off-framework. Runs live in a browser for the room, or async across a distributed team.
Capability 02
Every scenario is authored against a primary framework and carries crosswalks to every other relevant one. FFIEC wire fraud scenarios carry NIST CSF + CJIS + NYDFS mappings. Hospital EHR outage scenarios carry HIPAA §164.308 + NIST CSF + PCI. Your AAR arrives graded on the same axes as your audit.
Browse scenariosCapability 03
HSEEP-conformant template out of the box. Every decision time-stamped, scored against your plan, and linked to a framework control. Evidence attached. Crosswalk built in. Exports to PDF (for the examiner) and DOCX (for your remediation tracker) in under 30 seconds.
Download sample AARCapability 04
MSP and IR firms deliver Annual Tabletop as their own service: partner branding, partner colors, partner footer. Per-tenant isolation for client data, per-tenant access control, per-tenant AARs. Customer-deliverable inside 48 hours from session end.
White-label kitArchitecture
One pipeline. One source of truth for decisions. One audit-ready output. No integrations required to get started — Atlas runs in a browser. Optional SSO, SCIM, and webhooks land on higher tiers. (Diagram coming in the v1.1 visual pass.)
Compare
The incumbents win the Fortune 500. The free options serve the truly under-resourced. Everyone in between has been choosing between a template they have to drive themselves and a $50K consulting engagement. Here's where we sit.
| Capability | Annual Tabletop | Free / CISA CTEPs | Enterprise SOC platform | DIY with senior consultant |
|---|---|---|---|---|
| AI-facilitated live session | ||||
| HSEEP-conformant AAR out of the box | ||||
| FFIEC / NCUA / NYDFS crosswalk in the AAR | ||||
| Priced for SMB, county, non-profit, community bank | ||||
| White-label for MSP / IR delivery | ||||
| No per-user seat tax | ||||
| Repeatable — same platform for next year's exercise |
Security & data handling
Decisions, evidence, and AARs stay in your tenant. Optional U.S. single-region hosting for FFIEC, CJIS, and CMMC buyers. DPA and SCC available on request. The full write-up — encryption, retention, sub-processors, and access controls — lives on /security.
No sign-up, no sales call, no calendar invite. Sample AAR downloadable at the end.