Certification & Accreditation (C&A)
Evidence-based assurance to support formal sign-off and accountable decisions.
C&A is a structured assurance activity that confirms security controls are appropriately designed and
validated in practice (not just documented), so decision-makers can accept residual risk with confidence.
Delivery is aligned to recognised frameworks including NZISM, PSR, and relevant NIST guidance.
What you get
- Risk view with rationale and confidence
- Controls and evidence traceability
- Executive-ready reporting and recommendations
- Actions that support accreditation outcomes
Governance, Risk & Compliance (GRC)
Pragmatic uplift and reporting for regulated environments.
GRC support provides a structured view of risk, control effectiveness, and compliance obligations so leaders can
make accountable decisions with clear prioritisation. Delivery focuses on proportionate controls, evidence
traceability, and governance-ready reporting aligned to organisational context.
What you get
- Risk assessment and treatment planning
- Control uplift prioritisation
- Governance reporting and decision support
- Lightweight assurance of key controls
Audit & Assurance Support
Structured audit readiness and defensible assurance outcomes.
This service supports organisations preparing for internal or external audit by strengthening evidence quality,
clarifying control intent, and identifying gaps early. Engagements are designed to reduce audit disruption while
producing outcomes that are defensible and aligned to governance expectations.
What you get
- Pre-audit gap identification
- Evidence pack structure and traceability
- Remediation sequencing and action plan
- Independent assurance reviews (as needed)
Risk Assessments
Decision-ready assessment of security and technology risk.
This service supports organisations seeking an independent view of risk to inform governance,
investment, and assurance decisions. Assessments are scoped to organisational context and focus on
defensible risk reasoning, control effectiveness, and clear articulation of residual risk.
What you get
- Clear risk statements with context and rationale
- Assessment of likelihood, impact, and existing controls
- Executive-ready summary and recommendations
Note: Operational services (penetration testing, SOC/MDR, digital forensics) are not offered in Phase 1.