Skills & tools

Platforms we know hands-on

Governance, security, and compliance only work when the tooling underneath actually fits the organisation. These are the platforms we deploy, tune, and audit — not in theory, in production.

Governance, risk & privacy

Where policy meets evidence

Continuous compliance, AI governance, privacy operations, and ethics & whistleblower management.

Vanta

Continuous compliance automation for SOC 2, ISO/IEC 27001, ISO/IEC 42001, HIPAA, and GDPR. We use it to stand up evidence collection, control monitoring, and audit readiness without drowning teams in spreadsheets.

OneTrust

Privacy, AI governance, vendor risk, and consent management on one platform. We deploy and tune OneTrust modules for ROPA, DPIAs, AI inventory, third-party risk, and cookie consent.

Navex

Disclosure management and whistleblower reporting (EthicsPoint), policy management, and ethics & compliance training. We configure intake channels and case-management workflows that meet the EU Whistleblower Directive.

SecureAI

AI security and governance — model-risk discovery, red-teaming, and policy enforcement across LLM-powered workloads. We use it to inventory AI use, attach controls, and evidence ISO/IEC 42001 and EU AI Act obligations.

Security operations & detection

From alert to evidence

SIEM, SOAR, endpoint protection, and AI-assisted investigation — aligned to NIS2 and DORA incident-reporting timelines.

Microsoft Sentinel

Cloud-native SIEM and SOAR. We build detections, KQL hunting queries, and automation playbooks, and integrate them with the rest of the Microsoft Defender stack.

Microsoft Security Copilot

Generative-AI assistant for SOC analysts — incident summarisation, KQL drafting, threat-intel reasoning, and reverse-engineering support. We pilot it inside the governance guardrails of ISO/IEC 42001 and the EU AI Act.

Bitdefender GravityZone

Endpoint protection, EDR/XDR, and risk analytics for hybrid estates. We deploy it as part of essential-security baselines for SMB and mid-market clients that want strong defaults without a 24/7 SOC.

Data governance & productivity

Where the data actually lives

Classification, DLP, identity, and the day-to-day collaboration stack — the surface area auditors and regulators care about most.

Microsoft Purview

Data classification, DLP, insider risk, eDiscovery, and information protection across Microsoft 365 and beyond. We use it to map GDPR data flows, set retention, and enforce AI-data-handling boundaries.

Microsoft 365

Entra ID, Exchange, Teams, SharePoint, and the surrounding compliance and security configuration. We harden tenants, design conditional access, and align configurations to ISO/IEC 27001 and CIS benchmarks.

Device & collaboration management

The endpoints and the channels

Mobile device management for Apple fleets and the collaboration tooling that auditors review for retention, access, and incident traces.

Mosyle

Apple device management (MDM) for Mac, iPhone, and iPad fleets. We deploy zero-touch enrolment, app patching, and policy baselines for Apple-heavy organisations — particularly start-ups and design-led teams.

Atlassian

Jira, Confluence, and Atlassian Cloud — issue tracking, knowledge bases, and audit trails. We design project structures, permission models, and lifecycle automation that survive ISO and SOC 2 audits.

Slack

Workspace messaging with the DLP, compliance export, and integration plumbing that auditors care about. We configure retention, data residency, and Enterprise Key Management for regulated organisations.

Need help picking the right stack?

We don't sell licences. We help you choose, deploy, and tune the tools that match your size, risk appetite, and regulatory exposure — and we audit what you already have.