What we can deliver

Whether you are building an ISMS from scratch, preparing for certification, implementing new security tooling, developing documentation, or validating your environment through testing, we scope, execute, and deliver projects with precision.


Project-based engagements are ideal for organisations that need fast, targeted results, have defined projects or deliverables, or want to strengthen specific areas of their security programme without long-term commitments.

High-impact strategic and architectural initiatives.

  • Information Security Program development
  • Secure infrastructure and cloud architecture design
  • Strategy & business alignment workshops
  • MCR/DCR requirements strategy
  • 1–3 year security roadmaps
  • Security investment & budget planning
  • Security team & talent strategy
  • Mergers & acquisitions due diligence (technical & compliance)
  • Tools & vendor optimisation / consolidation
  • Risk methodology & framework development
  • Security training programme design

Focused compliance and governance delivery.

Governance

  • Complete policy and standards development
  • Regulatory and contractual alignment
  • Role & responsibility mapping
  • Data governance (ownership, sharing, privacy)
  • Conflict of interest management
  • Metrics, dashboards & reporting design
  • IT/OT/IoT/IIoT governance frameworks
  • Supplier governance and oversight models
  • Board reporting and board-level presentations

Risk Management

  • Full risk assessments (enterprise-wide, asset-based, threat-based)
  • Vendor risk management programme setup
  • Third-party risk management (TPRM) frameworks
  • Risk dashboards and reporting automation

Compliance & Audits

  • ISO 27001 implementation projects (from zero to certification)
  • NIS2, DORA, SOC 2, GDPR implementation
  • Compliance documentation development
  • Internal audit programmes
  • Control effectiveness evaluations
  • Regulatory reporting readiness
  • Continuous improvement management

Legal assistance

  • Data discovery and classification
  • Security requirements in vendor/client contracts
  • Data retention architecture

Technical uplift, engineering integration, and operational enhancement.

  • Threat prevention and detection capability build-out
  • SIEM/SOAR deployment and tuning
  • EDR rollout and configuration
  • Vulnerability management redesign
  • Incident response plan development & tabletop exercises
  • Training delivery (awareness, technical, executive)
  • BYOD & secure remote work programmes
  • Secure client and vendor onboarding processes
  • Secure project lifecycle design
  • SDLC & DevSecOps integration (SAST/DAST/secrets scanning)
  • IAM uplift (SSO, MFA, PAM, JML automation)
  • Trust Portal / Trust Center development

Essential readiness and verification support, without deep technical testing.

  • Internal audit (as listed in GRC) with security control validation
  • Support preparing for certification or surveillance audits
  • Light review of supplied reports (pen tests, vendor SOC 2 reports, etc.)
  • Guidance on interpreting findings from external assessments or tools