Skip to content
Enterprise Sight
Book a scoping call →
04 / 06

From first call to signed traffic.

We work in five phases that overlap deliberately. Discovery doesn't stop when the build starts. Risk doesn't either. Every engagement is bespoke, so we scope the timeline with you rather than quote one here.

PHASE 01

Discovery & threat-model

A 30-minute call. We map your customer-side agent traffic, your existing systems of record, and what "safe" means for your risk team. If there's a fit, we draft a proposal with scope, timeline, and pricing. If there isn't, we'll say so.

  • Stakeholder workshops
  • Map exposed surface
  • Identity model draft
  • Risk register opens
PHASE 02

Architecture & contract design

We map what your business should expose, to which classes of agent, under what authority. The output is an architecture decision record, a threat model, and a build plan that your risk and compliance teams can pre-read before any code is written.

  • MCP topology
  • Policy engine spec
  • Audit schema
  • Risk-team sign-off
PHASE 03

Deployment & integration

The platform is deployed into your private cloud or self-hosted environment, integrated against your systems of record, and instrumented for observability.

  • Platform in your environment
  • Integration to systems of record
  • Observability + audit on day one
  • Continuous risk review
PHASE 04

Integration & UAT

Stress-tested against the threat model. Your engineering and risk teams get progressive previews. We don't disappear and surface later with a finished deployment.

  • Customer-side agent simulator
  • Penetration test
  • Audit walkthrough
  • Performance + capacity
PHASE 05

Handover & assurance

ISO 42001 and EU AI Act controls are evidenced, audit logs are validated, runbooks are written, and your operations team gets trained. The engagement closes with a working deployment and a documentation pack your auditors can read without us in the room.

  • Runbook + threat model
  • Engineer enablement
  • First-90-days plan
  • Quarterly review opens

“Every meeting closed with a written decision. By month two the risk team had stopped asking us to repeat ourselves.”

— Head of AI Risk · FTSE 100 insurer
Fixed scope.

No change-orders for things both sides knew about on day one.

Fixed bench.

Same senior people from kickoff to handover. No rotation.

Fixed exit.

Documentation that lets you continue without us. By design.

The earlier the better. If your architecture conversations are still abstract, that's the right time. We can write code into a half-built system, but the cost is higher and the audit posture is messier.

Book a 30-minute scoping call →