Cybersecurity & audits
OWASP, CIS, NIST — Security by Design, threat modelling, audits, GDPR, NIS2, ISO 27001.
Security by Design, threat modelling and Zero Trust architecture
We design and audit IT environments using recognised frameworks and standards: OWASP (Top 10, ASVS, SAMM), CIS Benchmarks, the NIST Cybersecurity Framework (CSF) and NIST SP 800-53 controls, plus GDPR, the NIS2 Directive and ISO 27001 (including ISMS design and maturity).
Security and resilience audits
Comprehensive IT security audits covering technical analysis, organisational maturity and effective risk management across the system lifecycle.
Scope:
- vulnerability, configuration and infrastructure hardening reviews (including CIS Benchmarks),
- application and API security (OWASP Top 10, architecture review, SAST/DAST where appropriate),
- threat modelling and architecture assessment (STRIDE, segmentation, Zero Trust),
- control mapping to NIST CSF and ISO 27001 Annex A,
- regulatory compliance verification (GDPR, NIS2, ISO 27001),
- resilience testing, incident exercises and simulations,
- recommendations, roadmaps and prioritised remediation.
Goal: environments resilient to threats, compliant with regulations and ready for external audits and evolving risk.
Who it is for
For organisations building or operating critical systems (SaaS, healthcare, fintech, public sector), preparing for ISO 27001 / NIS2 audits, or needing to mature AppSec and infrastructure before scaling.
Why work with us
Framework-led, not a one-day checklist
Controls mapped to OWASP, CIS, NIST CSF and ISO 27001 Annex A — you get a prioritised roadmap, not just a PDF.
Security by Design across the lifecycle
Threat modelling (STRIDE), segmentation, Zero Trust and security requirements at architecture stage — before costly post-release fixes.
Regulatory readiness
Support for GDPR, NIS2 and ISMS build-out — language that works for leadership and engineering alike.
Code One audit practice
Experience from our own products and client engagements — recommendations sized to your pace and budget.
What you get
- Findings report and recommendations (technical + executive summary)
- Risk matrix and prioritised remediation plan
- Control mapping to selected standards (OWASP / CIS / NIST / ISO)
- Threat modelling workshop for key data flows
- Infrastructure and cloud hardening checklists
- Incident exercise or resilience test plan (scope as agreed)
- Optional: remediation support and re-verification (retest)
Engagement formats
Focused audit (2–4 weeks)
Rapid assessment of one area: application, API, cloud or process — ideal before release or due diligence.
Full environment audit
Infrastructure + applications + organisation — maturity and compliance view for NIS2 / ISO 27001.
Security architecture review
Documentation and diagram review, dev/ops sessions, Zero Trust architecture recommendations.
ISMS / NIS2 programme kick-off or internal audit
Scope, policies and evidence preparation for certification or external audit.
Training and awareness
OWASP Top 10, secure SDLC or GDPR workshops for product teams — can complement an audit.