Fixed-scope identity security engagements with defined outputs. Clear scope, transparent pricing, evidence you can use immediately.
Scoped reviews that produce evidence-grade outputs — suitable for auditors, insurers, and governance stakeholders.
Detailed assurance review of MFA enforcement and conditional access policy coverage. Identifies exclusions, legacy authentication exposure, and exception risk — then produces evidence outputs suitable for auditors, insurers, and governance stakeholders.
Focused review of service accounts, service principals, and application identities. Maps ownership, authentication patterns, credential-rotation posture, and blast radius if non-human credentials are overprivileged or compromised.
Commercial and security review of licence assignment and access entitlements. Produces role-to-licence mapping, over-provisioned access findings, a savings estimate, and a staged decommission or right-sizing plan.
Insurance-focused evidence package for identity controls. Documents MFA enforcement, privileged separation, logging and response capability, and recovery readiness — sets out a practical gap-remediation plan for underwriting or renewal discussions.
Identity controls readiness review aligned to Cyber Essentials expectations. Validates admin separation, MFA coverage, cloud identity boundary clarity, and conditional access logic to support cleaner certification preparation.
Control-to-evidence mapping and gap registers aligned to NIS2, DORA, ISO 27001, and M&A identity obligations.
Regulatory alignment engagement for identity controls mapped to NIS2, DORA, and ISO 27001. Provides control-to-evidence mapping, evidence-strength scoring, a gap register, and an audit-exposure summary.
Pre-transaction identity due diligence for mergers and acquisitions. Assesses privilege inheritance risk, trust-relationship exposure, directory consolidation complexity, and regulatory-control gaps with an estimated integration-risk cost range.
Identity intelligence layer for MSSP and SOC operations. Enriches detections with identity context, privileged-pathway visibility, and service-account risk indicators to improve triage speed and response prioritisation.
Structured testing, recovery validation, and simulation exercises that expose what an assessment alone cannot.
Structured stress test of identity controls using realistic attack paths. Simulates privilege escalation, conditional-access bypass attempts, service-account abuse, and trust-boundary exploitation — with remediation priorities.
Assesses and proves an organisation's ability to withstand and recover from identity compromise or failure across on-prem, cloud, and SaaS environments. Establishes trusted baselines, tests backup and restore processes, and validates privileged access recovery.
Quarterly benchmark showing whether identity risk is improving or drifting. Tracks privileged identity density, drift velocity, service-account governance maturity, and concentration ratio — with quarter-on-quarter and year-on-year trend reporting.
Public-facing identity maturity publication designed to show high-level control trends and risk posture. Useful as an entry benchmark before a deeper, paid peer-comparison assessment.
Evidence packs and simulation exercises designed for C-suite and board-level consumption — not technical reports reworded for leadership.
Board-level review of identity risk across AD, Entra ID, cloud IAM, and key trust relationships. Delivers exposure scoring, privileged concentration analysis, non-human identity risk visibility, and a clear 90-day action plan for executive decision-making.
Facilitated executive tabletop on a realistic identity-compromise scenario. Walks through attack progression, lateral movement, financial-system exposure, regulatory response timing, and communications escalation — with a post-exercise action register.
Executive board briefing on identity as a business risk and control issue. Covers current threat patterns, governance implications, and concrete decision options for follow-on assessment or programme investment.
Longer-horizon programmes with milestones, governance checkpoints, and measurable uplift.
12-month delivery programme providing structured identity assurance. Covers baseline assessment, drift monitoring, privilege reduction, and governance uplift — with scheduled reviews, measurable milestones, and prioritised remediation tracking.
IdentityMRI, IdentityFirst Core, and IdentityFirst-Enhanced are software subscriptions — continuous identity discovery, risk scoring, and enforcement across 40+ platforms. Monthly and annual plans available.
Fixed scope, fixed price. No retainers, no surprise invoices.
Buy directly via card, or contact us first for a scoping call before committing.
30 minutes to confirm environment size, access requirements, and any compliance context.
We confirm the scope, agree access methods, and schedule delivery milestones.
We do the work and hand over evidence-grade outputs you can use immediately.
Need to invoice? All services can be purchased by invoice or purchase order. Contact us before checkout and we'll arrange payment by BACS. Request an invoice →
Tell us your situation and we'll recommend the right engagement — no sales pitch, just a straight answer.