Cyber GRCGovernance, Risk & Compliance
Building or fixing the framework that proves security is managed properly.
Who it's for
- Companies pursuing ISO 27001, SOC 2, or Cyber Essentials
- Firms that failed an audit or client security questionnaire
- Startups facing enterprise security due diligence
- Organisations preparing for NIS2, DORA, or GDPR security scrutiny
What we do
ISO 27001NIST CSFCyber EssentialsPoliciesRisk frameworksThird-party risk
Typical engagement: fixed-price gap assessment, usually £3,500–£6,500 depending on scope.
Discuss a GRC engagement
RemediationProgramme Remediation
Leading the fix when audit, breach, or board pressure demands action.
Who it's for
- Organisations with audit findings that need structured remediation
- Companies needing post-incident remediation led properly
- Boards that mandated security improvement without internal delivery capacity
- Firms needing interim CISO or programme director support
What we do
Programme designGovernanceStakeholder reportingVendor oversightBAU handover
Typical engagement: interim programme lead, usually £800–£1,200/day depending on scope, urgency, and commitment.
Discuss remediation
IAMIAM Security Architecture
Designing and reviewing how people and systems access your data and applications.
Who it's for
- Companies whose access management has grown informally
- Firms handling sensitive data that need provable access controls
- Organisations moving to cloud/SaaS across environments
- Companies preparing for zero-trust or modernising legacy access systems
What we do
IAM strategyPAMZero-trustIGAAccess reviewTooling evaluation
Typical engagement: IAM architecture review, usually £3,500–£5,500 depending on scope.
Discuss IAM