They were winning every room they walked into. Sharp pitch, credible team, genuine sustainability expertise that enterprise clients actually wanted. But somewhere between the final presentation and the purchase order, they kept losing. Not on price. Not on capability. On a four-page security annex that came attached to every procurement process β and that they had absolutely nothing to put in.
The Baseline Posture Audit made it concrete: 120 people across unmanaged devices, SaaS tools provisioned by whoever needed them that week, and no single record of who had access to what. No identity provider, no MDM, no offboarding process, no documented controls. Not a security crisis β just a company that had grown fast without anyone ever owning IT.
Device fleet enrolled and managed. Identity centralised with SSO and phishing-resistant MFA. Offboarding automated so access revocation happens in minutes, not months. An access matrix built and documented. And a compliance checklist β mapped directly to the security annexes they kept facing β that could be completed in an afternoon instead of left blank with an apology.
Eight weeks from audit to ready. They submitted their first fully completed security annex on day one of the next RFP window. The checklist is now standard practice for every tender they bid on. The configurations exist, they're documented, and they hold up when a procurement team actually checks.
"We went from leaving the security annex blank to submitting it on day one of the RFP window."