A shared frame for every engagement
Pentest, AppSec advisory, cloud, defense, and vuln management share the same commercial and operational cycle: frozen scope, traceability, and documented closure — regardless of the contracted line.
Engagement structure
Three stages connect commercial, delivery, and closure. Depth depends on the engagement type and the signed scope.
Stage 1
Pre-contract
Stage 2
Execution
Stage 3
Post-delivery
Stage 1
Pre-contract
Discovery call, objective alignment, and written scope. Every line — pentest, advisory, cloud, vuln management — starts here with a frozen scope and signed frame before any technical work.
Stage 2
Execution
Kickoff, delivery per SOW, and formal readout. Workshops, testing, posture reviews, and operational support all run under the same traceability and escalation rules.
Stage 3
Post-delivery
Remediation on your side, validation where contracted, and documented closure. Operational support and follow-up cycles close the loop when applicable.
