Services
Six engagements. One outcome — audit-ready.
Pick the framework your customers, auditors, or board is asking for. Every engagement runs through the same four-stage process: assess, design, implement, sustain.
All engagements
Choose your framework.
IT Risk Assessment
Identify, rate & prioritise
A structured assessment of your IT control environment and risk landscape, before you commit to a framework. We identify gaps, rate risks, and map the most efficient path forward.
SOC 2 Readiness
Type I & Type II
The framework buyers ask for first. Prepare for Type I certification and map a clear path to Type II observation with auditor-ready evidence from day one.
SOC 1 Readiness
SSAE 18 Type I & Type II
For service organizations whose controls affect their customers' financial reporting. We bridge the gap between your team and the CPA firm issuing the report.
ISO 27001 Implementation
Stage 1 + Stage 2 certification readiness
From gap assessment through Statement of Applicability, ISMS design, Annex A controls, and Stage 1/Stage 2 auditor support.
SOX IT Controls
ITGC scoping, design & auditor liaison
ITGC scoping, control design, walkthrough preparation, deficiency remediation, and PCAOB-ready evidence packages. Delivered before your auditors arrive.
ITGC Advisory
Internal audit support & co-source
Risk-based scoping across access management, change management, IT operations, and SDLC, built around your internal audit calendar.
Framework comparison
Not sure which one you need?
Most clients need one framework urgently and one on the roadmap. This table shows the trigger, timeline, and outcome for each. If your situation spans multiple frameworks, we'll sequence them.
| Framework | Typical trigger | Who it's for | Timeline | Outcome |
|---|---|---|---|---|
| IT Risk Assessment | No framework yet, internal audit trigger | Any organization | 4–6 weeks | Risk register, gap analysis, roadmap |
| SOC 2 | Enterprise customer request | SaaS / tech | 10–12 weeks | Type I or Type II report |
| SOC 1 | Customer audit letter, contract | Financial service orgs | 6–10 weeks | SSAE 18 report |
| ISO 27001 | International customers, procurement gate | International / regulated | 4–6 months | ISO certificate |
| SOX IT (ITGC) | IPO, audit committee, PCAOB | Pre-IPO / public | 8–16 weeks | Auditor-ready control matrix |
| ITGC Advisory | Internal audit, risk program | Any sector | Project-based | Controls documentation |
Not sure? Book a call — we'll tell you which framework to prioritize and in what order.
Pick a framework. Let's get started.
Book a free consultation. We'll look at where you are, where you need to be, and send a fixed-fee proposal within 48 hours.