Foundations in days

Enterprise-grade security & compliance foundations. Delivered in days.

We turn scattered policies, controls and evidence into a coherent baseline that fits your existing tools, so you can handle customer due diligence and compliance requirements without enterprise consulting fees.

Works with Vanta/Drata and your existing policies and evidence store. No tool replacement required. No system access needed.

When this matters
  • An enterprise deal is blocked by security questionnaires or due diligence.
  • You need an ISO 27001 or SOC 2 baseline quickly (SoA, control narrative, evidence plan).
  • NIS2 or GDPR is forcing you to formalise governance, ownership and proof.

Not a GRC tool. Not templates to download. Not an MSP taking over operations.

A fast baseline builder for procurement reviews, certification programmes, and regulatory pressure. Fixed scope, delivered remotely in days.

See the baseline structure (redacted samples)

Inspect redacted samples to see structure, consistency, control narrative, and how evidence is organised.

See sample deliverables

Fixed scope, predictable delivery

Each engagement has a concrete artefact list and a controlled revision loop.

Services

Quality is a system

QA checklist, mapping completeness checks, and structured delivery. Not “best effort”.

Process and QA

Find your starting point

Fixed-scope foundation sprints that turn scattered work into a coherent, operational baseline.

Express Foundation Sprint

Fast foundation sprint for one requirement set

€1,200
2 to 5 business days · 8 to 12 core docs · 2 rounds

Best when you need reviewer-ready basics quickly.

Core Foundation Sprint

Operational baseline under a real deadline

Most popular
€2,500
5 to 10 business days · About 20 docs plus mappings · 2 rounds

Best when an audit window, enterprise deal, or regulator deadline is on the line.

Dual-Framework Foundation Sprint

Two requirement sets in one coherent system

From €5,000
5 to 10 business days · About 30 to 40 docs (crosswalk) · 2 rounds

Best when you need two requirement sets without duplicated work.

Enterprise Custom

Regulated or complex organisations with bespoke scope

From €10,000
Scoped on call · Defined in scope · Defined in scope

Best when scope must be designed around your environment and stakeholders.

Not sure where to start?

Pick the requirement set, your deadline, and what triggered the work. We will recommend the right foundation sprint.

How delivery works in practice

A simple, repeatable flow with clear inputs and controlled revisions.

Day 0 to 1
Intake and scope confirmation. We align on framework expectations, owners, and constraints.
Days 2 to 10
Tailor policies and procedures to your tools and processes. Build mappings and evidence prompts.
Revisions + handover
Minor revisions within fixed scope, then editable docs plus reviewer-friendly PDFs.

What do others say? Three common scenarios.

Example scenario

SaaS CTO closing an enterprise deal

Situation: A prospect’s security review blocks signature. The team has controls in place, but documentation is scattered.

Delivered: Core Foundation Sprint plus mapping workbook and evidence index. Implementation notes focus on reviewer questions and evidence cues.

Result: A coherent, reviewer-ready story that reduces back-and-forth and speeds procurement.

Example scenario

IT lead with an ISO 27001 audit window

Situation: Audit date is set. Owners and approvals exist, but policies and procedures are incomplete or inconsistent.

Delivered: ISO 27001-aligned suite with ownership fields, review cadence, and an evidence plan tied to real tools.

Result: Documentation becomes a rollout plan, not a binder. Teams know what to do next.

Example scenario

Preparing for NIS2 scope and evidence expectations

Situation: Regulatory scope is confirmed. Policies exist, but ownership and evidence expectations are unclear.

Delivered: Core Foundation Sprint aligned to a NIS2-oriented operational baseline plus an evidence plan tied to real tools and owners.

Result: Clear responsibilities and evidence cues that reduce the risk of a last-minute scramble.