glacierr
typical engagement
4–8 weeks · fixed fee

stage · 01 · assess

the look-hard part.

We come in narrow, look hard, and leave you with a defended posture and the evidence to prove it. Anything you can assess — security framework readiness, cost, risk, configuration, detection coverage — sits inside Assess.

nist 800-53 · dlp / purview · soc review · sentinel cost audit · technical review

01 · what sits in assess

look hard.
leave the evidence.

Every assessment ends in two artefacts: a private findings report for the leadership team, and an auditor-facing evidence pack mapped to whatever framework you're held to. Both written by the consultants who did the work.

capability · 01

framework readiness

NIST 800-53, ISO 27001, CIS, SOC 2 — pick your framework, we map control-by-control and produce the evidence pack in the format the auditor expects.

  • nist 800-53 r5 mapping
  • iso 27001 readiness
  • cis benchmark scoring
  • auditor-facing evidence pack

capability · 02

data protection posture

Purview-led DLP posture. Where regulated data lives, how it moves, whether sensitivity labels are applied, whether enforcement matches your declared intent.

  • data classification audit
  • label + dlp policy gap analysis
  • egress evidence trail

capability · 03

soc & detection review

Detection coverage against MITRE ATT&CK, ingestion sanity (cost vs. value), alert quality, runbook coverage, on-call burden. What your SOC catches — and what it quietly misses.

  • mitre att&ck coverage map
  • ingestion cost-to-value ranking
  • alert + runbook audit

capability · 04

technical & cost audits

Architecture and configuration review across Microsoft Entra, Sentinel, Defender, Purview. Sentinel ingestion-cost audits to set the baseline for any cost-reduction work in Build.

  • tenant architecture review
  • configuration drift findings
  • sentinel cost baseline
  • scoped custom assessments

02 · packages

three shaped assessments.
fixed scope, fixed fee.

Starting prices assume standard tenancy complexity. First call shapes the exact scope and we issue a fixed-fee proposal against it. We don't charge by the day.

· fixed scope · fixed fee · milestones not hours
pkg · 01

dlp readiness review

£28k fixed · 4 weeks · gbp · ex vat
4 weeks · 2 milestones

Purview-led data protection posture. Where regulated data is, where it shouldn't be, and whether enforcement matches your labels.

  • label + policy gap analysis
  • data egress evidence
  • prioritised remediation plan
  • auditor-facing summary

pkg · 03

soc effectiveness review

£42k fixed · 5 weeks · gbp · ex vat
5 weeks · 3 milestones

Detection coverage, ingestion sanity, alert quality, runbook audit. Tells you what your SOC catches — and what it doesn't.

  • mitre att&ck coverage map
  • ingestion cost-to-value ranking
  • alert + runbook audit
  • on-call burden analysis

All packages are billed against milestones, net 14 from acceptance. Travel within the UK is included. Scoped custom assessments outside the packages above are quoted per opportunity.

03 · proof

three engagements.
three audit windows met.

Anonymised on purpose — references available under NDA at the second call. Come in narrow, find what matters, leave the evidence pack.

healthcare

nist 800-53 readiness, eight weeks before the window opened

Mid-market healthcare group. AC / AU / SI control families fully unmapped to evidence. Pack delivered on week seven; audit closed without finding.

0 findings raised against mapped controls

financial services

dlp posture review — labels existed, enforcement didn't

UK challenger bank. Purview deployed, sensitivity labels applied, no DLP policies enforcing them. Gap mapped, policy candidates drafted for their team to implement.

14 policy candidates signed off & staged

manufacturing

soc effectiveness review — quiet alerts, loud invoice

Mid-market manufacturer. Sentinel ingestion ranked by rule-fire ratio; 41% of monthly volume tied to rules that hadn't fired in 90 days. Coverage gaps on lateral-movement TTPs surfaced and queued.

£480k annualised ingestion saving identified

audit on the calendar? let's get it boring.

Tell us the framework, the window and the scope on the first call. We'll come back inside a week with a fixed-fee proposal sized to the audit — and a delivery plan that lands the evidence pack before the auditor walks in.
