Our practice covers six areas — information security management, advisory, technology operations, continuity, monitoring, and procurement - held together by one operating model. This page explains what we do in each, who we do it for, and how we work.
Our clients sometimes engage other providers for work we could have done, usually because the scope of our practice is wider than what we have shown in day-to-day delivery. That is on us, and we are working to address it
If you have a project, a question, or a piece of work that does not obviously fit what you have seen us do before, please ask. The list below is comprehensive, and even where something is not listed, we may be able to help, or recommend someone we trust who can.
We organise our services into six practice areas. The first five are how we deliver the information security model in practice: governance, advisory, operations, continuity, and monitoring. The sixth is procurement, which is how we source and supply the technology that supports everything else.
Across all six, we apply the same disciplines: documented procedures, governed change, evidence-based decisions, and the same care we apply to our own organisation.
Each practice area has its own page with full detail.
We design, implement, and operate information security management systems aligned to ISO 27001:2022, TISAX AL2, and CIS Controls.
Who this is for: Organisations pursuing ISO 27001 certification or needing to demonstrate compliance with POPIA, TISAX, or CIS Controls.
See full detail →We help organisations make security-led decisions about technology, process, and governance — before the procurement, not after the incident.
Who this is for: Organisations making technology investment decisions who need independent, security-led advice before committing.
See full detail →We design, build, and operate the technology environments our clients run on — networks, servers, virtualisation, identity, end-user computing, and the supporting infrastructure.
Who this is for: SME and mid-market organisations that want a single, accountable technical partner
See full detail →We protect data and operations against the bad day — through backup, archiving, and disaster recovery designed against real threats.
Who this is for: Organisations that cannot afford data loss or extended downtime — finance, manufacturing, legal
See full detail →We provide continuous visibility across infrastructure, applications, and security events — and we act on what the data tells us.
Who this is for: Organisations that need continuous visibility without maintaining an in-house NOC or SOC
See full detail →We source and supply the technology, licences, and services our clients use — as part of the practice, not as a sales channel.
Who this is for: Organisations that want technically-informed procurement decisions, not margin-driven recommendations
See full detail →We help organisations adopt artificial intelligence safely, with attention to information security, governance, and the principles behind agentic systems.
Who this is for: Organisations exploring AI adoption who want to proceed with proper controls and governance in place
See full detail →How we contract and bill — block hours, retainer, project, and advisory engagements.
Who this is for: Organisations at any stage — from a single project to a fully managed relationship
See full detail →The list above is deliberately comprehensive - clients should be able to see the full scope of what we do. But the list does not capture how we work, which matters more than what we do.
We operate by documented disciplines, policies, processes, procedures, and operating notes, that we apply to our own organisation as well as to our clients’. We document before, during, and after every change. We do not implement workarounds. We do not sell what we have not tested ourselves.
We will sometimes ask harder questions than the immediate task requires. A client asks for a new firewall rule; we ask why the rule is needed and what it changes about the risk picture. A client asks for a server to be provisioned; we ask what data it will hold and how it will be backed up. This is the practice working as intended, and it is why we work best with clients who want a partner who thinks alongside them.
If price is the primary decision factor, we are probably not the right fit. If you are weighing the relationship, the discipline, and the longer view, we should talk.
We have practical experience across manufacturing, insurance, finance, legal, and retail. These are the sectors where we have implemented information security management systems, operated technology environments, and worked with clients through compliance and continuity events.
We do not specialise to the exclusion of other sectors, but new engagements start with a careful conversation, because familiarity with a sector is part of what makes the work effective.
The fastest way to start is a conversation. Tell us a bit about your business, what you are working on, and what you are weighing. We will read it carefully and reply.
Send a message →