Services

Measured, pragmatic support across governance, risk, information security, assurance and professional training.

Our approach

Engagements are designed around outcomes and decision points, proportionate to organisational context, regulatory exposure and risk posture. We focus on clarity, evidence and sustainability rather than “one-size-fits-all” templates.

Service areas

Common engagement types are grouped into four complementary areas.

Governance & assurance

Decision rights, operating models, controls and reporting that stand up to scrutiny.

ISO/IEC 27001 readiness

Scope, gap analysis, SoA and internal audit support, structured and evidence-aware.

Operational resilience

Practical alignment for resilience and regulatory expectations (e.g., DORA / NIS2 / GDPR).

PCI DSS advisory and support

Scoping, gap analysis, risk-based advisory and support for PCI DSS security requirements.

AI governance & assurance

Scope, gap analysis and ISO/IEC 42001 AI management system readiness.

Training & capability

ISC2, ISACA, CompTIA Security and customised programmes for teams and organisations.

Advisory and delivery services

Examples below are typical. We shape each engagement to fit your environment.

Governance & assurance

  • Governance operating model: roles, decision forums, escalation paths
  • Assurance design: what needs to be evidenced, how, and for whom
  • Control rationalisation: reduce noise, improve effectiveness
  • Executive reporting: metrics, narratives, actions and ownership

ISO/IEC 27001 readiness & internal audit support

  • Scope definition and boundary setting
  • Gap analysis and prioritised roadmap
  • Statement of Applicability (SoA) and evidence mapping
  • Internal audit planning and readiness support
  • Certification readiness and improvement planning

Regulatory alignment & operational resilience (DORA / NIS2 / GDPR)

  • Baseline and gap assessments
  • Evidence alignment and reporting expectations
  • Dependency and third-party considerations
  • Remediation planning with ownership and sequencing

Risk assessments & audit readiness

  • Current-state posture reviews (controls, evidence, governance)
  • Plain-language risk narratives for executive audiences
  • Remediation planning and realistic sequencing
  • Audit walkthrough preparation and evidence readiness

Policies, standards & procedures

  • Policy hierarchy and documentation structure
  • Core policies and standards aligned to good practice
  • Operational procedures aligned to delivery reality
  • Ownership and review cycles that keep documentation defensible

AI governance & assurance

  • Alignment to ISO/IEC 42001 and emerging regulatory expectations
  • Evidence, documentation and reporting to support assurance and scrutiny
  • AI risk assessment across use cases, data, models and human involvement
  • AI governance operating model: accountability, oversight and decision rights

PCI DSS advisory & support

  • Scope definition and cardholder data flow mapping
  • Gap assessment against applicable PCI DSS requirements
  • Third-party and service provider dependency considerations
  • Remediation planning with clear ownership and sequencing

Awareness & human risk

  • Awareness strategy aligned to organisational risk
  • Targeted sessions for leaders and teams
  • Reinforcement approach (campaigns, role-based learning)
  • Measurement and improvement over time (not “tick-box”)

Training & capability building

Poleis delivers professional training for individuals and organisations, including certification-aligned delivery and customised programmes designed around organisational context and objectives.

ISC2

Advanced security leadership training aligned to CISSP domains.

  • CISSP certification-aligned training
  • Practical interpretation of governance, risk and security architecture
  • Exam preparation plus scenario-based learning

CompTIA Security pathway

Security training from foundations to advanced practitioner level.

  • Security+ (security fundamentals)
  • CySA+ (security analytics and threat detection)
  • PenTest+ (entry-level penetration tester)
  • SecurityX (advanced security engineering and architecture)

ISACA

Training focused on IT audit, governance, risk management, and information security.

  • CISA – Certified Information Systems Auditor
  • CISM – Certified Information Security Manager
  • CRISC – Certified in Risk and Information Systems Control
  • CGEIT – Certified in the Governance of Enterprise IT

Customised programmes

Bespoke training designed around your organisation, not a generic syllabus.

  • Security governance, risk and assurance workshops
  • ISO/IEC 27001 enablement for control owners and delivery teams
  • Operational resilience and regulatory readiness workshops