Everything under one accountable contract.

Most companies cannot produce a complete list of their tools, accounts, vendors, and admin rights. We build that list, draw the real architecture, and price what we find against a published baseline: CIS Benchmarks, ISO 27001 Annex A, vendor reference architectures, and our automation grade. About 30% of typical IT spend does nothing useful; the report shows you exactly where yours goes.

You receive: a full asset and access map (formatted to serve as your DORA ICT asset register), a vendor register with owners and costs, a waste analysis, a risk report ranked by real exposure, and a costed remediation plan. Fixed price, fixed scope, yours to keep whether or not we execute it.

From gap analysis to audit-ready evidence. We build the ICT risk framework, the registers, the policies that match how you actually operate, and the incident process that can answer a 72-hour reporting clock. For firms serving banks and enterprises, we get you through the third-party questionnaires that now decide contracts. We know how your client’s DDQ will be scored, because we answer them line by line, with you or for you.

Formats: a scoped programme to a certification or compliance date, or continuous compliance under retainer. Primary sectors: financial entities and their software vendors; healthcare, logistics, and manufacturing under NIS2.

A named security lead who owns your posture: board and management reporting, risk decisions, audit and regulator interface, vendor security reviews, and direction for whoever runs your IT day to day. Senior practitioners who have sat across the table from supervisors, at a fraction of a full-time hire.

Real security on your actual infrastructure: hardening of identity, endpoints, and cloud configuration first, then managed detection and response on top. Because we hold no vendor partnerships, the tooling is chosen for your estate, not for our margin. Post-incident and due-diligence engagements start here.

Hire fifty people. Don’t hire an IT team. Complete IT operations with security built in: zero-touch device lifecycle through MDM, identity and access through SCIM, privileged access management, helpdesk, vendor management, and detection and response, under one contract with one accountable party.

Also available co-managed: we sit next to your internal IT team instead of replacing it, bringing architecture, deployments, on-call escalation, and audit support while your people keep the keys.

Pricing: roughly €100–250 per seat per month depending on footprint and regulatory obligations. The Clarity Assessment sets the exact number before you commit.

Design and review of AWS, GCP, Azure, and hybrid estates, standardized against CIS Benchmarks and built to hold up in an audit. Then the part most providers have no incentive to do: we shrink it. Duplicate tools consolidated and cancelled, licenses matched to actual use, workloads right-sized, dead vendors cut from the register.

Typical outcome: a smaller, standardized estate that costs less to run and takes minutes, not weeks, to explain to an auditor. About 30% of typical IT spend does nothing useful; reduction is a deliverable here, not a side effect.

Your teams already use AI tools, sanctioned or not, and your clients and regulators have started asking how. We inventory actual AI use across the company, set usage policy that people can follow, review the vendors and data flows behind it, and build the governance evidence: aligned with the EU AI Act timeline and ISO/IEC 42001 where certification is the goal.

Fits how you already work with us: AI use lands in the same asset register, vendor register, and policy set as the rest of your estate. One governance system, not a parallel one.

Penetration tests through our vetted specialist network. MDM, SCIM, and PAM deployments. Automated offboarding builds. Hardening sprints. If the scope is clear, we quote it fixed and start without ceremony.