3 steps. Under 3 minutes. We classify your data assets under Israeli law, analyse your current security posture, and build a customised Fortress package covering only your gaps.
Israel's Protection of Privacy Law, 5742-1982 governs how organisations collect, store, and use personal data. The Protection of Privacy Regulations (Data Security), 5777-2017 define the mandatory cybersecurity controls. Amendment 13 (passed 2024, in force 14 August 2025) fundamentally changed enforcement — administrative penalties up to ₪9,000,000 per violation and autonomous enforcement authority for the Privacy Protection Authority (PPA) for the first time.
Holding any of the above categories automatically elevates your security tier — regardless of database size — triggering significantly stricter controls and penalties under the Regulations.
A sub-three-minute interactive assessment that maps your organisation to the four security tiers defined in the Protection of Privacy Regulations (Data Security), 5777-2017, and identifies the specific Amendment 13 obligations that apply.
The assessment asks about the data categories you hold (health, financial, biometric, criminal, beliefs and origin, family, location, salary, personality, statutorily-confidential, minors), the number of data subjects, the database management structure, and the number of separate databases you operate. These inputs determine which of the four legal security tiers — Individual-Managed, Standard (Basic), Elevated (Medium), or Critical (High) — applies under Regulation 3, plus the “basic-override” exception for organisations with sensitive data but ten or fewer users with access.
The assessment maps required controls to seven domains: Endpoint & Detection, Email Security & Backup, Web & Network Security, Monitoring & SOC, Identity & Access Management, Vulnerability & Patch Management, and GRC & Compliance. You check off what you already have; the output is the gap between what the Protection of Privacy Regulations (Data Security), 5777-2017 require for your tier and what is currently deployed. EPP, MFA, vendor agreements, employee training, SIEM with 24-month log retention, vulnerability management, external penetration testing, and ISO/IEC-aligned incident response are among the controls evaluated.
Amendment 13 (Tikun 13) § 17B1 mandates Data Protection Officer (DPO) appointment for public bodies, hospitals and HMOs, banks, insurers, data brokers above 10,000 subjects, large-scale-monitoring entities, and organisations processing specially-sensitive information at scale. Tikun 13 § 17B mandates CISO appointment for banks, insurers, public bodies, and (the headline expansion) organisations operating five or more registrable/notifiable databases. The assessment identifies which obligations apply to your organisation and presents the four PPA-recognised engagement options (full-time employee, part-time, vCISO/DPO-as-a-service, or outsourced individual).
Tikun 13 introduced administrative penalties up to ₪9,000,000 per violation, doubled for databases above one million subjects, with all penalties capped at five percent of annual turnover. The assessment estimates your maximum exposure across breach categories: Information Security Regulations breach (₪80,000 at Medium tier, ₪320,000 at High); unlawful processing (₪4–8 per subject with a ₪200,000 floor); DPO/CISO appointment breach; expanded § 11 notice breach; and the 30-day PPA notification breach (₪150,000 flat). Reductions of up to seventy percent are available for self-reporting, remediation, DPO appointment, clean record, and compensation paid.
This assessment is for guidance only and not a substitute for legal advice. Verification of regulatory classification, control counts, and threshold interpretations should be performed by a licensed Israeli privacy counsel or accredited DPO.
This assessment reflects Tikun 13 (Amendment 13) effective 14 August 2025. All Fortress content is authored by named operators and follows our editorial policy. For binding legal advice, consult a licensed Israeli privacy counsel or DPO.