Point-in-time engagements and ongoing programmes delivered by identity security specialists. Every service produces actionable evidence — for your team, your auditors, your board, or your insurer.
Cyber Essentials Certified ICO Registered ZC031428 SOC 2 Type II in progress UK-based team
Every engagement is scoped to your situation — not retrofitted from a generic template. All work is done remotely. No agents installed. No changes made without your instruction.
Control-to-evidence mapping for SOC 2, ISO 27001, DORA, NIS2 and Cyber Essentials. Includes a gap register and audit-exposure summary.
Structured evidence package for underwriters and insurers. Documents MFA enforcement, privileged separation, logging capability, and recovery readiness.
Pre-transaction identity risk assessment for mergers, acquisitions, and integrations. Privilege inheritance risk, directory complexity, and regulatory-control gaps with estimated integration-risk cost range.
Briefings, tabletop simulations, and exposure assessments that translate identity risk into business language for directors, trustees, and non-technical leadership.
Enriches SOC detections with identity context, privileged-pathway visibility, and service-account risk indicators. Also covers non-human identities and adversarial stress testing.
Sustained identity assurance across 12 months — baseline assessment, drift monitoring, privilege reduction, and governance uplift with scheduled reviews and milestones.
Every engagement is a named, scoped deliverable — not a vague retainer. Contact us to discuss which service fits your situation.
Regulatory alignment for identity controls mapped to NIS2, DORA, and ISO 27001. Control-to-evidence mapping, evidence-strength scoring, a gap register, and audit-exposure summary.
Detailed assurance review of MFA and conditional access policy coverage. Identifies exclusions, legacy authentication exposure, and exception risk. Evidence outputs for auditors, insurers, and governance stakeholders.
Identity controls readiness review aligned to Cyber Essentials expectations. Validates admin separation, MFA coverage, cloud identity boundary clarity, and conditional access logic.
Insurance-focused evidence package for identity controls. Documents MFA enforcement, privileged separation, logging and response capability, and recovery readiness. Sets out a practical gap-remediation plan for underwriting or renewal discussions.
Over 80% of breaches involve compromised credentials or identity misuse. Insurers now require evidence of MFA coverage, privileged account governance, and detection capability before binding cover or at renewal. The Insurance Readiness Pack gives you exactly what they need.
Learn more →Pre-transaction identity due diligence for mergers and acquisitions. Assesses privilege inheritance risk, trust-relationship exposure, directory consolidation complexity, and regulatory-control gaps — with an estimated integration-risk cost range.
Commercial and security review of licence assignment and access entitlements. Produces role-to-licence mapping, over-provisioned access findings, savings estimate, and a staged decommission or right-sizing plan.
Board-level review of identity risk across AD, Entra ID, cloud IAM, and key trust relationships. Delivers exposure scoring, privileged concentration analysis, non-human identity visibility, and a clear 90-day action plan.
Executive briefing on identity as a business risk and control issue. Covers current threat patterns, governance implications, and concrete decision options for follow-on assessment or programme investment.
Facilitated executive tabletop on a realistic identity-compromise scenario. Walks through attack progression, lateral movement, financial-system exposure, regulatory response timing, and communications escalation.
Identity intelligence layer for MSSP and SOC operations. Enriches detections with identity context, privileged-pathway visibility, and service-account risk indicators to improve triage speed and response prioritisation.
Focused review of service accounts, service principals, and application identities. Maps ownership, authentication patterns, credential-rotation posture, and blast radius if non-human credentials are compromised.
Structured stress test of identity controls using realistic attack paths. Simulates privilege escalation, conditional-access bypass attempts, service-account abuse, and trust-boundary exploitation — with remediation priorities.
12-month delivery programme providing structured identity assurance. Covers baseline assessment, drift monitoring, privilege reduction, and governance uplift with scheduled reviews, measurable milestones, and prioritised remediation tracking.
Assesses and proves an organisation's ability to withstand and recover from identity compromise across on-prem, cloud and SaaS environments. Establishes trusted baselines, tests backup and restore processes, validates privileged access recovery paths.
Public-facing identity maturity publication designed to show high-level control trends and risk posture. Useful as an entry benchmark before a deeper, paid peer-comparison assessment.
Every service follows the same principles — scoped to your environment, delivered remotely, evidence-first output.
30-minute call to understand your environment, timeline, and specific requirements. No obligation.
Written proposal with clear deliverables, timeline, and fixed price. No hourly billing surprises.
All work completed remotely using read-only access. IdentityFirstMRI used as the assessment engine where applicable.
Structured output — PDF report, evidence files, and remediation roadmap — ready for your team, auditors, or insurer.
IdentityFirstMRI, IdentityFirst Core, IdentityFirst Enhanced, and the Resilience Benchmark are subscription software products you license and operate.
The services on this page are expert-led engagements scoped to your specific situation — point-in-time or programme-based.
Book a 30-minute no-obligation call. We'll ask about your environment, your timeline, and what you're trying to achieve — then recommend the right engagement or tell you honestly if we're not the right fit.
Book a Scoping Call