world-advisory-poster

Advisory

Senior leadership, embedded in your programme

Virtual CISO, DPO, risk, BCP/DR, IT law, and compliance. We lead the work, you keep the business moving

We respond to most inquiries within one business day.

Security rarely fails at the tooling layer

Programmes stall when no one owns risk, priorities shift every quarter, and reporting to leadership turns into a translation exercise. Our advisors step in as senior security and privacy leadership, set direction, and keep the programme moving in language the board can act on.

What we offer

Information security and leadership

halftone-1780406780522

CISO as-a-service (vCISO)

Senior security leadership without the full-time hire. We set direction, prioritise risk, and report to leadership in language they act on.

  • Senior security leader on retainer, named in your org chart
  • Programme direction, risk prioritisation, board reporting
  • Audit support and external stakeholder communication
  • Scoped monthly retainer, not project work
Learn more
halftone-1780406785386

Risk Management

Know your real risks, not theoretical ones. A living risk view with clear owners and a plan that actually reduces exposure.

  • Living risk register, not a one-off spreadsheet
  • Clear ownership and treatment plans per risk
  • Quarterly review cadence aligned to board reporting
  • Maps to ISO 27001 and NIS2 risk requirements
Learn more
halftone-1780406791260

BCP / DR

Continuity and recovery plans your teams can use under pressure. Tested before reality does the testing.

  • Business impact analysis grounded in real RTOs and RPOs
  • Continuity playbooks your teams can run under pressure
  • DR runbooks tested before reality does the testing
  • Compliance-ready evidence for ISO 27001 and DORA
Learn more
halftone-1780406789109

Tabletop Exercises (TTX)

Realistic crisis simulations that expose gaps documents never reveal. Build calm decision-making before the bad day.

  • Scenarios based on threats we see in our own SOC
  • Cross-functional drills covering execs, IT, comms, legal
  • Decision points and timing pressure built in
  • Post-exercise report with concrete gap closure actions
Learn more
halftone-1780406780522

Cyber Due Diligence

Technical and code risk assessment for mergers and acquisitions. We assess the target so you can price the risk, plan for it, or walk away.

  • White-box code and technology stack assessment
  • OWASP Top 10 focus, rated by real impact
  • Infrastructure and configuration review
  • Investor-ready reporting with clear risk levels
Learn more

Data protection and IT-law

halftone-1781014904184

DPO as-a-service (vDPO)

GDPR leadership on tap. Privacy governance, DPIAs, breach support, regulator communications, vendor and DPA review.

  • GDPR-qualified DPO acting under your accountability
  • Privacy governance, DPIAs, breach support
  • Regulator communications and supervisory authority liaison
  • Vendor and DPA review
Learn more
halftone-1781014906039

GDPR Gap Analysis

Find the gaps before regulators do. Clear baseline, prioritised action plan, practical templates.

  • Structured baseline against GDPR articles and DPA guidance
  • Prioritised gap list ordered by risk and effort
  • Templates for records of processing, DPIA, and breach
  • Action plan that closes the most critical gaps first
Learn more
halftone-1781014909655

Corporate IT Lawyer as-a-service

Legal support for tech, data, and vendor contracts on tap. DPAs, SCCs, cloud terms, security clauses translated into business decisions.

  • Legal support for tech, data, and vendor contracts
  • DPAs, SCCs, cloud terms, and security clauses
  • Translated into business decisions, not legal jargon
  • On-tap engagement model
Learn more

Compliance

halftone-1780406794114

Regulatory Readiness

NIS2, DORA, ISO 27001, SOC 2, PCI DSS. One scoping, one roadmap, one team. Map controls once and apply them across overlapping frameworks.

  • One scoping covers NIS2, DORA, ISO 27001, SOC 2, PCI DSS
  • Controls mapped once and applied across frameworks
  • Roadmap with concrete milestones and audit checkpoints
  • Audit-ready evidence package
Learn more
halftone-1780406796004

Gap Analysis

A fast, honest baseline of where you stand. What is missing, what is risky, what to fix first, ordered for execution.

  • Honest baseline of where you stand today
  • What is missing, what is risky, what to fix first
  • Ordered for execution, not just listed
  • Fast turnaround suitable for board reporting
Learn more
halftone-1780406798097

Internal Audits

ISMS and framework internal audits that strengthen control ownership, clean evidence, and remove drift before external auditors arrive.

  • ISMS and framework audits against ISO 27001 and similar
  • Strengthens control ownership before external audit
  • Cleans up evidence and removes drift
  • Fully documented findings and remediation tracking
Learn more
halftone-1780406801696

Vanta - Automated security compliance monitoring

Configure Vanta against real ownership and integrations. Less manual work, fresher evidence, calmer audits.

  • Vanta configured against real ownership and integrations
  • Less manual evidence collection
  • Fresher evidence, calmer audits
  • Ongoing monitoring and partner-tier support
Learn more

Built for organisations under tightening regulation

Financial services

DORA, PCI DSS, and EIOPA gap analysis, vCISO, and incident readiness.

Critical infrastructure

NIS2 readiness for energy, water, transport, and digital infrastructure operators.

Public sector

ISO 27001, GDPR, and accountability to citizens and elected boards.

Scaling SMBs

vCISO and DPO leadership without hiring full-time.

Trusted by

arion-banki
hs-orka
syn
isavia
festi
oem
mind
ronneby
arion-banki
hs-orka
syn
isavia
festi
oem
mind
ronneby

Our credentials

2021
BSI-accredited for ISO 27001 since
13yrs
Advising Nordic organisations
400+
Customers
11
Practices under one contract

What buyers usually want to know

A consultant delivers a project and leaves. A vCISO is your security leader on a sustained basis, named in your org chart, accountable to your board, and responsible for the programme over time.

Let's talk

Talk to a senior advisor

Reykjavík and Stockholm. 13 years of building Nordic security programmes.

We respond to most inquiries within one business day.