SFA

Security Functions | Advanced

For organisations operating with increasing technical complexity, expanding regulatory obligations, and heavier reporting needs, where security sits either with a less senior security role that now needs expert guidance, or with multiple teams that lack such a role altogether.


Who is this for

Ideal for companies facing growing technical or organisational complexity that need a continuous security function supporting higher maturity and, eventually, C-level security leadership. Below is an overview of the services included.

We provide senior guidance, governance and hands-on support to run your security programme at high maturity, keeping your ISMS effective, audit-ready and aligned with standards and regulations such as ISO, GDPR, DORA, NIS2, or SOC2.

Pricing and terms

  • Setup fee: 4.000 EUR (one time)

  • Monthly fee: 4.000 EUR

  • Included hours: 40 hours per month

  • Subscription period: 12 months

Trial period

Our subscription runs on a 12-month cycle, but the first 3 months function as a trial period during which you can evaluate the collaboration and the value it delivers. If the service does not meet your expectations, you may stop the engagement at any point within those first 3 months, with no further commitment required.

What is included

  • Everything in Foundation plus:

    • Monthly security governance meetings (instead of quarterly)

    • Ongoing planning and prioritisation across teams (IT, DevOps, product)

    • Monthly progress reporting on risk, compliance, and control status

    • Guidance for integrating security into change, architecture, and release planning

    • Support aligning security objectives with business and regulatory requirements

  • Everything in Foundation plus:

    • Continuous compliance management (ISO 27001, SOC2, NIS2, DORA, GDPR)

    • Monthly evidence collection, review, and maturity tracking

    • Management of corrective actions and remediation follow-up

    • Continuous updates to policies, procedures, and ISMS documentation

    • Monthly updates to ISMS registers (risk, assets, vendors, incidents, controls)

    • Support responding to customer and regulator due diligence requests

    • Certification body and external auditor coordination (if applicable)

    • Quarterly assurance checks on selected controls or processes

  • Everything in Foundation plus:

    • Oversight of identity and access lifecycle processes (JML, access reviews)

    • Vulnerability and patch management oversight (cadence, prioritisation, reporting)

    • Review and improvement of logging/monitoring coverage and data quality

    • Security input into operational workflows (change, deployment, configuration)

    • Monthly review of operational controls and process maturity

    • More frequent external attack surface scans and contextualised risk interpretation

  • Everything in Foundation plus:

    • Audit readiness support for external certification, surveillance, and regulatory audits

    • Review of technical testing outcomes (pentest, code scan, cloud review reports) with prioritised remediation guidance

    • Preparation for customer or partner security assessments

    • Quarterly validation of control effectiveness across selected domains