Security Projects

Not every organisation needs an ongoing subscription. Some require expert support for a specific challenge, technical implementation, or urgent compliance deadline. Our project-based engagements provide dedicated, outcome-driven delivery across the full spectrum of information security, governance, compliance, and operational resilience.

What we can deliver

Whether you are building an ISMS from scratch, preparing for certification, implementing new security tooling, developing documentation, or validating your environment through testing, we scope, execute, and deliver projects with precision.

Project-based engagements are ideal for organisations that need fast, targeted results, have defined projects or deliverables, or want to strengthen specific areas of their security programme without long-term commitments.

  • High-impact strategic and architectural initiatives.

    • Information Security Program development

    • Secure infrastructure and cloud architecture design

    • Strategy & business alignment workshops

    • MCR/DCR requirements strategy

    • 1–3 year security roadmaps

    • Security investment & budget planning

    • Security team & talent strategy

    • Mergers & acquisitions due diligence (technical & compliance)

    • Tools & vendor optimisation / consolidation

    • Risk methodology & framework development

    • Security training programme design

  • Focused compliance and governance delivery.

    Governance

    • Complete policy and standards development

    • Regulatory and contractual alignment

    • Role & responsibility mapping

    • Data governance (ownership, sharing, privacy)

    • Conflict of interest management

    • Metrics, dashboards & reporting design

    • IT/OT/IoT/IIoT governance frameworks

    • Supplier governance and oversight models

    • Board reporting and board-level presentations

    Risk Management

    • Full risk assessments (enterprise-wide, asset-based, threat-based)

    • Vendor risk management programme setup

    • Third-party risk management (TPRM) frameworks

    • Risk dashboards and reporting automation

    Compliance & Audits

    • ISO 27001 implementation projects (from zero to certification)

    • NIS2, DORA, SOC 2, GDPR implementation

    • Compliance documentation development

    • Internal audit programmes

    • Control effectiveness evaluations

    • Regulatory reporting readiness

    • Continuous improvement management

    Legal assistance

    • Data discovery and classification

    • Security requirements in vendor/client contracts

    • Data retention architecture

  • Technical uplift, engineering integration, and operational enhancement.

    • Threat prevention and detection capability build-out

    • SIEM/SOAR deployment and tuning

    • EDR rollout and configuration

    • Vulnerability management redesign

    • Incident response plan development & tabletop exercises

    • Training delivery (awareness, technical, executive)

    • BYOD & secure remote work programmes

    • Secure client and vendor onboarding processes

    • Secure project lifecycle design

    • SDLC & DevSecOps integration (SAST/DAST/Secrets scanning)

    • IAM uplift (SSO, MFA, PAM, JML automation)

    • Trust Portal / Trust Center development

  • Independent assurance and technical verification.

    • Penetration testing & red team coordination

    • Technical configuration reviews (cloud, network, IAM, endpoint, logs)

    • Supplier security & TPRM assessments

    • External audit technical support

    • Audit readiness assessments (ISO, SOC 2, DORA, NIS2)

    • Remediation validation and control effectiveness reviews