// Services

Six practice areas. One operating system for security.

Engagements are modular. Start with a focused diagnostic or commission a full ISMS build — either way, every deliverable maps back to risk reduction and certification readiness.

ISO/IEC 27001 ISMS Implementation

Full ISMS build aligned to the 2022 revision — context, scope, risk, SoA, controls, operations, and management review.

Gap analysis & roadmap
Risk methodology & register
Statement of Applicability
Policy & control suite
Stage 1 / Stage 2 readiness

Lead & Internal Audits

Independent audits performed to ISO 19011 standards by a certified Lead Auditor.

ISMS internal audit program
Annex A control testing
Supplier audits
Findings & CAPA tracking
Management review packs

Risk Assessment & Treatment

Asset-based and scenario-based risk assessments with quantifiable treatment plans.

Asset & data inventory
Threat modelling (STRIDE)
Risk scoring & appetite
Treatment & residual risk
KRI/KPI dashboards

GRC & Multi-Framework Compliance

Cross-walks and unified controls for organisations operating under multiple frameworks.

NIST CSF 2.0
SOC 2 Type I/II readiness
GDPR & data protection
PCI DSS scoping
Control crosswalks

Policies, Procedures & Evidence

Practical, enforceable documentation tailored to your operating model — not generic templates.

ISMS policy hierarchy
Operational procedures
Evidence automation patterns
Document control
Awareness training

Third-Party & Vendor Risk

Stand up and operate a defensible vendor risk management program.

Vendor inventory & tiering
Due diligence questionnaires
Contractual controls
Continuous monitoring
Sub-processor reviews

Not sure where to start?

A 30-minute consultation will tell you exactly which engagement fits your stage.

Book a consultation