Home / Approach

How We Work

A practical method for security programmes that survive audits, incidents and operational reality.

Tenodex combines assessment, design, implementation and operational handover so security uplift becomes usable, measurable and defensible — not slideware that ages out the moment a real incident happens.

Book a briefing → See services

METHODOLOGY

Discover

We confirm business context, critical assets, stakeholders, existing tooling and required assurance outcomes — so the engagement is anchored in reality, not assumption.

Duration: Approximately 1—2 weeks
Key output: Scoping note
Led by: Senior consultant

Stakeholder interviews
Artefact review
Risk context

Our Five-Stage Method

From scoping to sustained operation — without the slideware.

Discover

Map assets & exposure

Assess

Rank by real risk

Design

Build & tune controls

Operate

Detect & respond

Improve

Report & iterate

Inside the engagement

How a typical engagement unfolds.

Every engagement runs through four operational phases. The boundary between phases is deliberately permeable — discovery feeds design, design informs operation, and operation generates the evidence that defends the programme.

Live process

Discover and scope

We confirm business context, operating constraints, critical assets, stakeholders, existing tooling, known pain points and required assurance outcomes — so the engagement is anchored in reality, not assumption.

Stakeholder interviews
Environment and artefact review
Control and risk context
Immediate risk triage

Assess and prioritise

We assess practical exposure and prioritise findings by risk, exploitability, business impact, audit pressure and remediation effort — producing a roadmap leadership can actually fund.

Control gap analysis
Risk-ranked findings
Quick wins and structural issues
Leadership-ready roadmap

Design and implement

We design controls, workflows and evidence expectations, then work alongside your team to implement and tune the uplift — not over the wall, with you, on real systems.

Architecture and control design
Tool deployment and tuning
Playbooks and runbooks
Evidence capture model

Operate and transfer

We make sure the uplift can be operated after the engagement by defining owners, handover material, reporting rhythms and continuous improvement paths. When we leave, you can still run it.

Operating model handover
Role and escalation matrix
Governance reporting
Improvement backlog

Track Record

The numbers behind our way of working.

Engagement
Continuity Rate

Clients
Across Regions

Senior-led
Delivery

0/7

Incident Response
Availability

Method Principles

What makes our approach different.

Outcome first

We define what needs to change operationally before recommending tools or documentation. Tools follow decisions, not the other way around.

Evidence aware

Every control uplift considers what evidence will prove it is operating when audited or challenged. We build the artefact trail as we go.

Handover built in

Runbooks, decision paths and ownership models are treated as core deliverables, not afterthoughts. The day we leave, your team can still run it.

What you walk away with

Tangible artefacts, not just recommendations.

Every engagement produces operational documents your team can use, your board can rely on and your auditors can trust.

Per engagement

Findings & risk register

A leadership-ready, risk-ranked view of exposure with effort and impact estimates.

Control & architecture design

Practical control models mapped to frameworks: Essential Eight, ISO 27001, SOC 2, NIST CSF.

Runbooks & playbooks

Step-by-step operational procedures for triage, escalation, containment and recovery.

Operating model & RACI

Clear ownership, escalation paths, reporting rhythms and continuous improvement backlog.

Ready when you are

Let's see if our method fits your programme.

A 30-minute briefing is enough to know whether Tenodex is the right partner — and what a first engagement would look like for your environment.

Book a Briefing → See Case Studies