A shared frame for every engagement

Pentest, AppSec advisory, cloud, defense, and vuln management share the same commercial and operational cycle: frozen scope, traceability, and documented closure — regardless of the contracted line.

Engagement structure

Three stages connect commercial, delivery, and closure. Depth depends on the engagement type and the signed scope.

Stage 1

Pre-contract

Stage 2

Execution

Stage 3

Post-delivery

Stage 1

Pre-contract

Discovery call, objective alignment, and written scope. Every line — pentest, advisory, cloud, vuln management — starts here with a frozen scope and signed frame before any technical work.

Stage 2

Execution

Kickoff, delivery per SOW, and formal readout. Workshops, testing, posture reviews, and operational support all run under the same traceability and escalation rules.

Stage 3

Post-delivery

Remediation on your side, validation where contracted, and documented closure. Operational support and follow-up cycles close the loop when applicable.