Service Ladder
What We Deliver
Three tiers. Clear deliverables. No ambiguity. Every engagement is mapped against the frameworks relevant to your sector and tier, then reviewed by both our CEO and CTO before it reaches you.
Tier 1
Basic AI Risk Assessment
£750
5–7 working days
A full audit of your AI tool usage mapped across six frameworks, seven for recruitment clients including the Equality Act 2010. Every active compliance failure identified. Clear, prioritised action plan.
- Complete AI tool inventory
- EU AI Act risk classification (deployer tier)
- OWASP LLM Top 10 — all 10 categories
- NIST AI RMF & NIST CSF 2.0 maturity snapshot
- GRC posture overview — scored
- UK GDPR & Data (Use and Access) Act 2025 compliance snapshot
- Full risk register with free actions per finding
- Remediation roadmap — This Week / 30 Days / 90 Days
- One-page executive summary with overall risk rating
- Transparent 5x5 risk scoring methodology
- Dual sign-off: CEO + CTO
Tier 2
Full AI Security Review
£2,500
7–10 working days
Board-ready deep-dive. Everything in Basic expanded to full depth, plus MITRE ATLAS, DPA audit, Staff AI Policy, and 90-day reassessment call.
Everything in Basic, plus:
- MITRE ATLAS adversarial threat mapping (sector-specific scenarios)
- EU AI Act deployer gap analysis: per tool, per article
- NIST AI RMF full 4-function assessment
- NIST CSF 2.0 full 6-function maturity assessment
- GRC framework scored 1–10 across all three pillars
- UK GDPR + Data (Use and Access) Act 2025 full gap analysis
- Framework cross-reference matrix — every framework in scope
- Documented Evidence Register for every material finding
- Financial exposure quantification against UK GDPR fine ceilings
- DPA review — all AI tool providers
- 13-clause Staff AI Usage Policy + ADM procedure (Articles 22A to 22D)
- 90-day roadmap with action owners
- Extended findings walkthrough on delivery, plus 90-day reassessment session
- Dual sign-off: CEO + CTO — board ready
Ongoing Support
Retainer
£395
Per month · billed monthly · 12-month term
AI adoption doesn't stop after a single assessment. A retainer keeps your compliance posture current as legislation evolves, new tools are adopted, and your AI footprint grows.
- Quarterly AI risk reassessment against standing risk register
- Up to 3 tool vettings per quarter (verdict within 2 working days)
- Policy updates within 10 working days of regulatory change
- Written regulatory alerts
- 2 advisory hours per quarter
- Incident response: same-working-day, first 2 hours included
The Process
What to Expect
Every engagement begins with a 25-minute discovery call. No technical knowledge required on your side. We map your AI tool usage, data flows, governance position, and sector-specific obligations.
From there, we work independently. You receive your report within the stated turnaround, walk through it together, and leave with complete clarity on next steps.