GRC and Audit
Governance programmes that pass audit and survive a real incident. Pragmatic control design and evidence that writes itself.
control-mapping.yaml
v1
control: AC-2 account management
iso: A.5.16 identity
soc2: CC6.1 logical access
evidence: okta → drata → s3
owner: people.ops + platform
ready for review
Outcomes
What you get.
- Certification ready in months
- Controls mapped to multiple frameworks at once
- Continuous evidence wired into your stack
- A risk register the board can use
Capabilities
The work, broken down.
ISO 27001 and SOC 2 readiness
Gap analysis, scoping, ISMS build, statement of applicability, audit liaison.
NIST CSF and CIS Controls
Maturity assessment with a costed roadmap, prioritised by risk reduction.
Third party and supplier risk
Risk tiering, due diligence, contract clauses, continuous monitoring.
DORA, NIS2 and UK regulation
Operational resilience mapping, incident reporting, ICT risk register.
Virtual CISO
Fractional security leadership: board reporting, programme delivery, audit defence.
Tooling and standards
The platforms we work with.
ISO 27001, SOC 2, NIST CSF, CIS v8, DORA, NIS2, PCI DSS, Drata, Vanta, Eramba
Get started
Tell us where it hurts. We will tell you what good looks like.
A 30 minute call with a senior practitioner. No sales motion. Clear next step.