Understand your data risk in plain English, in minutes

PCRiskPro reviews your Windows PCs on-device for exposed personal data, ageing software, weak settings and Cyber Essentials readiness — then tells you what it means and what to do next, in language you don't need a security team to translate.

Code-signed installer · 100% on-device processing · Nothing uploaded · UK-tuned detection · Free Edition is free forever, no card needed

Four reasons people switch to PCRiskPro

Why security and compliance managers choose our scope-centric scanner.

Most discovery tools charge thousands per year for organisation-wide cloud scanning whether your estate has five devices or five hundred. PCRiskPro's tiers map to what you can scan — local, personal cloud, business cloud, multi-tenant — so a sole trader isn't subsidising an enterprise.

Scope-aware pricing

Legacy Office support

Pre-2007 .doc, .xls, and .ppt files are common in SME audit archives and payroll workbooks. We read them all — modern Office, legacy Office, Outlook .msg, scanned PDFs, images (PNG, JPG, TIFF) the lot.

Transparent scan coverage

Every scan ends with a Files Scanned breakdown: how many had findings, how many were clean, how many were skipped and why. No silent drops, no second-guessing.

100% on-device

No SaaS account. No cloud upload. No third-party data processor agreement to sign. Scanning, OCR, scoring, and report generation all run on the device.

Four reasons people switch to PCRiskPro

Why security and compliance managers choose our scope-centric scanner.

Most discovery tools charge thousands per year for organisation-wide cloud scanning whether your estate has five devices or five hundred. PCRiskPro's tiers map to what you can scan — local, personal cloud, business cloud, multi-tenant — so a sole trader isn't subsidising an enterprise.

Scope-aware pricing

Legacy Office support

Pre-2007 .doc, .xls, and .ppt files are common in SME audit archives and payroll workbooks. We read them all — modern Office, legacy Office, Outlook .msg, scanned PDFs, images (PNG, JPG, TIFF) the lot.

Transparent scan coverage

Every scan ends with a Files Scanned breakdown: how many had findings, how many were clean, how many were skipped and why. No silent drops, no second-guessing.

100% on-device

No SaaS account. No cloud upload. No third-party data processor agreement to sign. Scanning, OCR, scoring, and report generation all run on the device.

Four reasons people switch to PCRiskPro

Why security and compliance managers choose our scope-centric scanner.

Most discovery tools charge thousands per year for organisation-wide cloud scanning whether your estate has five devices or five hundred. PCRiskPro's tiers map to what you can scan — local, personal cloud, business cloud, multi-tenant — so a sole trader isn't subsidising an enterprise.

Scope-aware pricing

Legacy Office support

Pre-2007 .doc, .xls, and .ppt files are common in SME audit archives and payroll workbooks. We read them all — modern Office, legacy Office, Outlook .msg, scanned PDFs, images (PNG, JPG, TIFF) the lot.

Transparent scan coverage

Every scan ends with a Files Scanned breakdown: how many had findings, how many were clean, how many were skipped and why. No silent drops, no second-guessing.

100% on-device

No SaaS account. No cloud upload. No third-party data processor agreement to sign. Scanning, OCR, scoring, and report generation all run on the device.

🔴 Critical

Data Discovery

Document:

Location:

What we found

17 UK National Insurance numbers
9 sort codes + account numbers
3 dates of birth

Why this matters

Personal financial data outside the
encrypted finance share. ICO-reportable
if this device is lost. Covered by
GDPR Article 30.

How to remediate

1. Move file into Finance/Encrypted/
2. Restrict permissions to Finance team
3. Mark as Fixed in PCRiskPro

+5 points

Every finding answers
What · Why · How

Other tools hand you a CSV of regex matches and wish you luck. PCRiskPro explains the risk in plain English, names the responsible role, estimates the effort to fix it, and tracks the change over time so you know whether you're improving.

Every detection in the Data Discovery, Cyber Essentials, and System Security modules has a What / Why / How card. Every CVE in Application Security has a Direct vs Dependency confidence band and a CISA KEV ransomware flag. Findings you've remediated stay marked across re-scans.

🔴 Critical

Data Discovery

Document:

Location:

What we found

17 UK National Insurance numbers
9 sort codes + account numbers
3 dates of birth

Why this matters

Personal financial data outside the
encrypted finance share. ICO-reportable
if this device is lost. Covered by
GDPR Article 30.

How to remediate

1. Move file into Finance/Encrypted/
2. Restrict permissions to Finance team
3. Mark as Fixed in PCRiskPro

+5 points

Every finding answers
What · Why · How

Other tools hand you a CSV of regex matches and wish you luck. PCRiskPro explains the risk in plain English, names the responsible role, estimates the effort to fix it, and tracks the change over time so you know whether you're improving.

Every detection in the Data Discovery, Cyber Essentials, and System Security modules has a What / Why / How card. Every CVE in Application Security has a Direct vs Dependency confidence band and a CISA KEV ransomware flag. Findings you've remediated stay marked across re-scans.

🔴 Critical

Data Discovery

Document:

Location:

What we found

17 UK National Insurance numbers
9 sort codes + account numbers
3 dates of birth

Why this matters

Personal financial data outside the
encrypted finance share. ICO-reportable
if this device is lost. Covered by
GDPR Article 30.

How to remediate

1. Move file into Finance/Encrypted/
2. Restrict permissions to Finance team
3. Mark as Fixed in PCRiskPro

+5 points

Every finding answers
What · Why · How

Other tools hand you a CSV of regex matches and wish you luck. PCRiskPro explains the risk in plain English, names the responsible role, estimates the effort to fix it, and tracks the change over time so you know whether you're improving.

Every detection in the Data Discovery, Cyber Essentials, and System Security modules has a What / Why / How card. Every CVE in Application Security has a Direct vs Dependency confidence band and a CISA KEV ransomware flag. Findings you've remediated stay marked across re-scans.

Built for the audits you actually face

Calibrated specifically for UK regulatory baselines and certification pathways.

DPA 2018

UK GDPR / DPA 2018

Article 30 register cues, ICO breach scoping, and Subject Access Request workflows. UK-tuned identifier patterns (NHS, NI, sort codes, UK postcodes) with US locale disabled by default.

IASME

Cyber Essentials & CE Plus

Five control themes assessed against the current 2026 CE technical requirements. Export the Cyber Essentials HTML report and hand it straight to your assessor for pre-audit evidence.

PCI-DSS

PCI-DSS scope identification

Find cardholder data (PAN, Track, IIN) sitting outside the cardholder data environment. Critical for SAQ-D and Level 4 merchant pre-assessment.

Built for the audits you actually face

Calibrated specifically for UK regulatory baselines and certification pathways.

DPA 2018

UK GDPR / DPA 2018

Article 30 register cues, ICO breach scoping, and Subject Access Request workflows. UK-tuned identifier patterns (NHS, NI, sort codes, UK postcodes) with US locale disabled by default.

IASME

Cyber Essentials & CE Plus

Five control themes assessed against the current 2026 CE technical requirements. Export the Cyber Essentials HTML report and hand it straight to your assessor for pre-audit evidence.

PCI-DSS

PCI-DSS scope identification

Find cardholder data (PAN, Track, IIN) sitting outside the cardholder data environment. Critical for SAQ-D and Level 4 merchant pre-assessment.

Built for the audits you actually face

Calibrated specifically for UK regulatory baselines and certification pathways.

DPA 2018

UK GDPR / DPA 2018

Article 30 register cues, ICO breach scoping, and Subject Access Request workflows. UK-tuned identifier patterns (NHS, NI, sort codes, UK postcodes) with US locale disabled by default.

IASME

Cyber Essentials & CE Plus

Five control themes assessed against the current 2026 CE technical requirements. Export the Cyber Essentials HTML report and hand it straight to your assessor for pre-audit evidence.

PCI-DSS

PCI-DSS scope identification

Find cardholder data (PAN, Track, IIN) sitting outside the cardholder data environment. Critical for SAQ-D and Level 4 merchant pre-assessment.

UK Tuned

Built for the regulatory environment we live in. Pattern detection, address formats, compliance positioning — every default is calibrated for UK SMEs.

Built for the regulatory environment we live in. Pattern detection, address formats, compliance positioning — every default is calibrated for UK SMEs.

Need more scan capacity?

Start with the Free Edition from the header. Compare plans only when you need broader scan scope or commercial use.

See full pricing

Free Edition available · upgrade only when needed

Need more scan capacity?

Start with the Free Edition from the header. Compare plans only when you need broader scan scope or commercial use.

See full pricing

Free Edition available · upgrade only when needed


What PCRiskPro tells you


A single automated scan answers four critical security questions for your organisation.

🔍

Where is your sensitive data?

Every PDF, Word file, spreadsheet, image and email across your endpoints, OneDrive, SharePoint and network shares — with the exact file path, how serious it is, and how sure we are it's real.

🛡️

Are your apps patched?

We match your installed software against the live CVE databases and score each finding by confidence, so you fix the genuine risks instead of drowning in false positives.

📋

Would you pass Cyber Essentials today?

All five control themes — firewalls, secure configuration, user access, malware protection, security updates — assessed in under two minutes, with a report you can hand straight to your assessor.

🔐

Is the Windows estate hardened?

Antivirus, encryption, Secure Boot, TPM, RDP, SMBv1 and more — the advanced hardening checks most tools skip, run on every device.

🔍

Where is your sensitive data?

Every PDF, Word file, spreadsheet, image and email across your endpoints, OneDrive, SharePoint and network shares — with the exact file path, how serious it is, and how sure we are it's real.

🛡️

Are your apps patched?

We match your installed software against the live CVE databases and score each finding by confidence, so you fix the genuine risks instead of drowning in false positives.

📋

Would you pass Cyber Essentials today?

All five control themes — firewalls, secure configuration, user access, malware protection, security updates — assessed in under two minutes, with a report you can hand straight to your assessor.

🔐

Is the Windows estate hardened?

Antivirus, encryption, Secure Boot, TPM, RDP, SMBv1 and more — the advanced hardening checks most tools skip, run on every device.

🔍

Where is your sensitive data?

Every PDF, Word file, spreadsheet, image and email across your endpoints, OneDrive, SharePoint and network shares — with the exact file path, how serious it is, and how sure we are it's real.

🛡️

Are your apps patched?

We match your installed software against the live CVE databases and score each finding by confidence, so you fix the genuine risks instead of drowning in false positives.

📋

Would you pass Cyber Essentials today?

All five control themes — firewalls, secure configuration, user access, malware protection, security updates — assessed in under two minutes, with a report you can hand straight to your assessor.

🔐

Is the Windows estate hardened?

Antivirus, encryption, Secure Boot, TPM, RDP, SMBv1 and more — the advanced hardening checks most tools skip, run on every device.