When performing a SAMM assessment, should the scope be the whole organization or something smaller, like a business unit or a single team? The short answer: start small.
The right scope depends on your goals, organizational context, and available resources. If this is your first assessment, begin with a willing, representative team: it keeps the effort manageable and lets you demonstrate value before expanding.
We’ve moved the full guide to the docs: Defining Scope →
Be a part of the SAMM community!
- Join our Slack channel , where you’ll meet other users, ask questions, give feedback, and be in the loop of all things SAMM.
- Join our monthly community calls, where we discuss different topics, exchange experiences and ideas, and review SAMM’s security practices in depth.