SERVICES

Eight service lines, scoped to run alone or together

Each service below can be engaged as a fixed-scope project. Reference codes follow the same convention used in the control documentation and SOPs produced for clients.

GRC-01

Gap and maturity assessment

A structured assessment of your current security practices, policies and technical controls against a chosen framework, such as ISO/IEC 27001 or NIST CSF. The output is a maturity score per domain, a gap list and a prioritised roadmap that your team can act on without needing to interpret the framework themselves. This is typically the first phase of the Journey to Green maturity programme.

  • Interviews with process and control owners
  • Evidence review against the chosen framework
  • Maturity scoring by domain
  • Written report with a prioritised roadmap

RSK-02

Strategy and risk management

A security strategy and risk register built around your business risk, not a generic template. Risks are identified, rated and assigned an owner, and the resulting roadmap sets out what to address first, based on exposure rather than on what is easiest to fix.

  • Risk identification and rating workshops
  • Risk register with named owners
  • Multi-year security strategy and budget input
  • Board or exco-ready reporting pack

DET-03

Threat detection and incident response

Detection use cases and incident response plans built around the log sources and tools you actually have, not a theoretical stack. This covers escalation paths, roles during an incident, and tabletop exercises to test the plan before it is needed for real.

  • Use case design mapped to available log sources
  • Incident response plan and escalation matrix
  • Tabletop exercises with your response team
  • Post-incident review support

VAP-04

Vulnerability assessment and penetration testing

Testing scoped to your systems, applications and network, with findings ranked by what an attacker could actually reach and exploit. Reports are written for both technical teams and management, with clear remediation steps rather than raw scanner output.

  • External and internal vulnerability assessment
  • Scoped penetration testing
  • Findings ranked by exploitability and impact
  • Remediation support and re-testing

AWA-05

Security awareness training

Training content and sessions built around the scenarios your staff are likely to face, in the language and tone that fit your organisation. This includes phishing scenarios, POPIA-relevant data handling, and role-specific guidance for finance, HR and executive teams who carry higher risk.

  • Role-based training content
  • Phishing simulation design
  • Executive and board briefings
  • Awareness campaign materials

CMP-06

Compliance and regulatory support

Practical support to meet POPIA, ISO 27001, PCI DSS and sector-specific requirements, with documentation written the way an auditor expects to see it: policies, procedures, RACI matrices and evidence packs that hold up under review, not just under internal sign-off. Reporting can be structured through the G-RISE governance framework where a board or regulator needs to see the evidence.

  • Policy and procedure development
  • POPIA compliance support
  • ISO 27001 documentation and audit preparation
  • RACI matrices and deliverables tracking

ARC-07

Security architecture review

A review of network, systems and control architecture as it is actually implemented, including network segmentation, access control and monitoring coverage. Recommendations are practical and sequenced, so the highest-impact changes are addressed first.

  • Network and system architecture review
  • Network segmentation methodology
  • Access control and identity review
  • Sequenced remediation recommendations

CSO-08

Virtual CISO (vCISO)

Ongoing security leadership on a part-time or retained basis: strategy, risk oversight, policy governance, incident escalation and board or exco reporting, delivered through the G-RISE reporting framework, without the cost of a full-time executive hire. This works well for organisations past the point where security needs dedicated leadership but not yet at the scale of a permanent CISO role.

  • Security strategy and roadmap ownership
  • Ongoing risk and compliance oversight
  • Policy and governance programme management
  • Board and executive reporting

Not sure which service fits?

Describe the problem and we will recommend a scope, whether that is one service or a combination.
