Results · client outcomes
Deals unblocked, reviews passed
How engagements run, what we handle, and — as clients agree to publication — their outcomes. In this business, discretion is part of the product: we publish nothing about a client without written consent.
How engagements run · The Audit
Two weeks, fixed price, a ranked plan
Days 1–3: kickoff, document access, and assessment across the 12-point framework — every dimension scored green, amber, or red. Days 4–6: we complete one of your live customer security questionnaires as a working sample, so you see the standard, not a promise of it. Days 7–10: the report — every red explained in plain English, and a fix-it plan ranked by which fixes unblock revenue fastest, with effort estimates. You keep everything, whether or not we continue.
How engagements run · The Retainer
Your security desk, month after month
Questionnaires returned in days with engineering undisturbed; SOC 2 preparation managed to a date, not a hope; a named security lead on your customer calls; and a one-page status report every month — what was completed, where the audit stands, and the decisions that need you. Minimum term three months; either side may exit on 30 days' notice after that. Retainers that need to justify themselves monthly tend to stay justified.
What we handle
The formats, the standards, the reviews
Security questionnaire formats including CAIQ and SIG/SIG Lite, enterprise vendor-specific questionnaires, and the AI-governance addenda now appearing in most reviews. Readiness programs for SOC 2 Type II, ISO 27001 and GDPR. Vendor due-diligence calls, CISO-to-CISO. Our partners' delivery history includes FedRAMP certification led end to end and security product work inside one of the industry's largest cybersecurity vendors. Client questionnaire content is confidential, always — engagements appear on this page only with the client's written agreement, which is exactly the discretion you would want as a client yourself.