A consistent way of working, regardless of engagement type
Whether the engagement is ISO certification, a penetration test, SOP improvement, or a digital product build, we follow the same six-step structure.
How an engagement unfolds
- 01Discover
We start by understanding your organization's actual operating context — regulatory obligations, current systems, prior audit history, and the specific outcome you need. This phase typically involves stakeholder interviews and a review of existing documentation rather than a generic questionnaire.
- 02Assess
We evaluate the gap between your current state and the target standard, regulation, or operational goal, whether that's an ISO clause, a regulatory control, a security posture, or a process inefficiency. The output is a concrete, prioritized list of gaps rather than a vague maturity score.
- 03Plan
Gaps are translated into a realistic roadmap with sequencing, ownership, and timelines that account for your organization's actual resourcing — not an idealized project plan. We flag dependencies between workstreams (e.g. SOP work feeding into a later system build) early.
- 04Implement
We build or document what the plan calls for — policies, SOPs, control matrices, dashboards, or working systems — iteratively, with regular check-ins so issues surface early rather than at final delivery. Where useful, we work alongside your internal team rather than purely handing off deliverables.
- 05Validate
Before anything goes live or gets submitted to a regulator or certification body, we test it against real scenarios: a mock audit, a penetration retest, a simulated data subject request, or a walkthrough of the new SOP with the people who will actually use it.
- 06Support
Compliance and systems work doesn't end at sign-off. We provide ongoing advisory through surveillance audits, regulatory cycles, or system enhancements, so the work stays current as your organization and the regulatory environment evolve.
Common questions about how we work
Ready to start with Discover?
Tell us about your organization and we'll scope the right engagement structure.
Start Consultation