SERVICES — L2 · ASSESSMENT
Declared output, no surprises
The "we bill by the day and see how it goes" approach is exactly why many SMEs don't buy consulting. Here it works the other way: you know upfront what I need from you and what you get back — item by item. Two specialised tracks, two depths each.
TWO FORMATS
Radar to get your bearings, Compass to decide
RADAR — 1 DAY
Morning on-site with interviews, afternoon analysis and debrief with the CEO/CTO. For those who need a quick answer: where am I exposed, what are the 3–5 priority gaps, what do I do in the next 90 days.
OUTPUT: 4–6 PAGE SUMMARY DOCUMENT
COMPASS — 2 DAYS
Day 1: in-depth assessment with multiple business functions. Day 2: strategic briefing for the CEO or board with a 6–12 month action plan — priorities, responsibilities, estimated investments. The result goes to the board room.
OUTPUT: 15–20 PAGE REPORT + ROADMAP + EXECUTIVE SLIDES
In-person or remote. Availability: 2 weeks from confirmation for the Radar, 3 for the Compass. The Radar does not commit you to the Compass.
AI TRACK
For those who are adopting or planning to adopt AI in their processes
AI tools already in use or under evaluation — Copilot, automations, decision systems — and the AI Act looming. The AI track maps maturity and exposure before they become a problem.
AI Radar
AI TRACK · 1 DAY
AI tools in use, involved processes, data handled, vendors. Interviews with the CEO, IT lead and 1–2 process owners.
- →AI Act exposure map: risk level, obligations, deadlines
- →The 3–5 priority gaps to address
- →Concrete first actions for the next 90 days
- →Summary document (4–6 pages) to share internally
AI Compass
AI TRACK · 2 DAYS
Extended interviews with CEO, CTO, IT, HR, operations; processes, data, AI systems and vendors; existing governance.
- →Full AI assessment report (15–20 pages)
- →Classification of AI systems by AI Act risk level
- →Gap analysis against applicable obligations
- →Compliance and adoption roadmap with milestones and indicative costs
- →Executive slides for board or investors, on request
Training, AI Officer and ISO 42001 — see the Artificial Intelligence axis →
OT & CYBERSECURITY TRACK
For those with industrial plants or connected products
NIS2 for the organisation, CRA for the product, IEC 62443 as the reference standard for both. The OT track measures the exposure of plants, products and supply chain — before an OEM customer or an inspection does.
OT Radar
OT TRACK · 1 DAY
Plant architecture, connected products, vendors, past incidents, existing measures. Interviews with CEO/CTO, IT/OT and production or R&D.
- →NIS2, CRA and IEC 62443 exposure map for your specific context
- →The 3–5 priority risks to address
- →Concrete first actions for the next 90 days
- →Summary document (4–6 pages) to share internally
OT Compass
OT TRACK · 2 DAYS
OT/IT architecture, products, critical vendors, existing measures — evaluated against IEC 62443, NIS2 and CRA. Extended interviews through to procurement.
- →Full OT cybersecurity assessment report (15–20 pages)
- →Gap analysis against IEC 62443, NIS2 and CRA
- →Priority risk map for plants and products
- →Compliance and mitigation roadmap with milestones and indicative costs
- →Executive slides for board or insurers, on request
IEC 62443 training, CRA Reporting Ready and annual oversight — see the Cybersecurity axis →
WHAT'S NEXT?
The Compass is also the onboarding for what comes after
From the Compass, two paths open up: a recurring service to oversee the ongoing obligations — with no additional onboarding costs, since knowledge of the company is already acquired — or a custom project for specific implementation work. Or both. Neither is required.
Not sure which track is yours?
That's exactly what the Regulatory Spark is for: 45 free minutes to map your exposure and choose — AI track or OT track, Radar or Compass — on concrete grounds.
Book the Regulatory Spark