Practice Areas

Three areas. Sixteen named services.

01

Security, Privacy & vCISO

The foundation every other service builds on. Fractional security leadership, GRC program design, and privacy compliance for organizations that need enterprise-grade posture without the full-time overhead. This is where most engagements start — and where they stay.

  • Fractional vCISO — security leadership, board reporting, vendor oversight
  • GRC program design, gap assessment, and implementation
  • Privacy compliance — GDPR, HIPAA, CCPA, LGPD, NDPA, PDPA
  • Third-party and vendor risk management programs
  • Security policy development and review
  • Incident response planning and tabletop exercises
  • Security awareness training
02

AI & Data Governance

Every organization is adopting AI. Most don't have the governance frameworks to make it defensible to regulators, enterprise buyers, or boards. We build the compliance structure, documentation, and oversight mechanisms that make AI adoption sustainable rather than just fast.

  • AI governance program design — NIST AI RMF, EU AI Act, ISO 42001
  • GDPR Article 22 and EU AI Act Annex III compliance
  • DPIA methodology and templates for AI deployments
  • Data classification, lineage, and minimization frameworks
  • AI vendor assessment and procurement governance
  • Cross-border data transfer governance for AI training pipelines
03

Quantum Readiness & CBOM

NIST published the post-quantum standards in August 2024. The 2030 deprecation deadline is set. What most organizations are missing isn't the technical path — it's the governance infrastructure: the inventory, the vendor engagement program, the migration roadmap, and the board briefing that gets it funded.

  • Cryptographic Bill of Materials (CBOM) audit — CycloneDX/ECMA-424 standard
  • Long-secrecy asset mapping — HNDL risk by data category and retention horizon
  • PQC migration roadmap — NIST IR 8547 and NSA CNSA 2.0 milestones
  • Vendor PQC readiness assessment and engagement program
  • Fractional Quantum PMO — program management through migration
  • Board briefing framework — quantum risk and financial exposure
Engagement Model

Two ways to work together.

Both built for organizations that need governance to stick — not documentation to file.

Tier 1 — Fixed Fee
The Governance Sprint
4–6 weeks · $15,000–$25,000

A scoped, time-boxed engagement with defined deliverables. Best for organizations with a specific compliance gap, deadline, or procurement requirement to satisfy. Common sprint types:

  • CBOM Audit + PQC Migration Roadmap
  • EU AI Act Annex III Compliance Sprint
  • Privacy Program Design (GDPR, LGPD, NDPA)
  • Enterprise Trust Pack for startup procurement readiness
  • Vendor Risk Assessment Program Setup
Tier 2 — Monthly Retainer
Fractional Sovereign GRC
Ongoing · $3,500–$6,000/month · 10–15 hours

Ongoing governance leadership for organizations managing multi-year compliance programs, expanding into new markets, or navigating evolving regulatory obligations. Best when you need a trusted advisor, not a one-time deliverable.

  • Enterprise deal desk support — join procurement review calls
  • PQC and AI compliance milestone tracking
  • Continuous cross-border privacy governance
  • Board and executive reporting on security posture
  • Vendor questionnaire support and advisory
Featured Offering
The Enterprise Trust Pack

Built for B2B startups losing enterprise deals because procurement teams are demanding PQC roadmaps, CBOMs, privacy compliance documentation, and AI governance frameworks. The Enterprise Trust Pack delivers all of it in a 4–6 week sprint: pre-written responses to enterprise security questionnaires, a documented PQC roadmap through 2030, and a privacy governance structure that passes vendor review on the first attempt. Deal desk support included.


Not sure which engagement fits?

A 30-minute call is enough to figure out whether a sprint or a retainer makes sense, and which practice area addresses the most urgent issue.