Sectors

The same rigour, whether or not a regulator is watching.

Regulated industries demand evidence, traceability, and resilience. Unregulated ones still need to win enterprise trust and move fast without breaking things. We've worked on both sides of that line — and the discipline travels well.

Regulated

Where evidence, audit, and resilience are non-negotiable.

Financial servicesTesting & inspectionManufacturing & industrial
Unregulated

Where speed, scale, and trust win the market.

Software & SaaSConstruction & built environmentProfessional services
Regulated

Financial services

Money, sensitive data, and a regulator that expects evidence. Trust is the product, and operational resilience is now a board-level obligation — not an IT line item.

Where we're brought in

  • Standing up a credible security and risk function that the FCA and PRA will recognise
  • Operational resilience: identifying important business services and proving you can stay within impact tolerances
  • Shipping product fast without tripping over change-management and audit expectations
  • Third-party and cloud concentration risk across a growing supplier estate

We act as the accountable CTO or CISO who can speak to a regulator and an engineer in the same afternoon — building the controls, the evidence, and the resilience story without grinding delivery to a halt.

Sets the bar:FCAPRAOperational resilience (PS21/3)NIST CSFISO 27001
Talk to us about financial services
Regulated

Testing & inspection

Accreditation and data integrity are the business. A lab's results are only worth what their traceability and impartiality can withstand under scrutiny.

Where we're brought in

  • Protecting data integrity and audit trails end-to-end through LIMS and instrumentation
  • Maintaining accreditation while modernising legacy systems and integrations
  • Securing OT and lab equipment that was never designed to be networked
  • Scaling digital services without undermining impartiality or chain-of-custody

We bring security and architecture discipline that respects accreditation realities — hardening the systems your results depend on without breaking the controls your assessors rely on.

Sets the bar:ISO/IEC 17025ISO 27001UKAS expectationsCyber Essentials
Talk to us about testing & inspection
Regulated

Manufacturing & industrial

Production can't simply be rebooted. Downtime is measured in lost output, and the attack surface now spans both the factory floor and the back office.

Where we're brought in

  • OT/IT convergence: connecting plant and ERP without exposing safety-critical systems
  • Ransomware resilience where an outage stops the line, not just the email
  • Supply-chain and supplier security across a long, often analogue, chain
  • Modernising decades-old systems that can't be patched on a normal cadence

We segment and secure the boundary between OT and IT, plan for the outage you hope never happens, and make pragmatic calls about what to modernise, isolate, or replace.

Sets the bar:IEC 62443NIST CSFISO 27001Cyber Essentials
Talk to us about manufacturing & industrial
Unregulated

Software & SaaS

Architecture, security maturity, and a credible AI story increasingly decide whether you win the enterprise deal — or stall in the security questionnaire.

Where we're brought in

  • Passing enterprise security reviews and SOC 2 / ISO 27001 without derailing the roadmap
  • Scaling architecture and engineering practice ahead of the next growth stage
  • Turning AI from a demo into a governed, evaluated, production capability
  • Building security in early enough that it's a sales asset, not a retrofit

We give scaling platforms the senior technology and security leadership to ship faster, satisfy enterprise buyers, and make AI bets that actually pay off.

Sets the bar:SOC 2ISO 27001NIST CSFOWASPCyber Essentials
Talk to us about software & saas
Unregulated

Construction & built environment

A traditionally analogue industry going digital fast — data, integrations, and connected sites create value and risk in equal measure.

Where we're brought in

  • Joining up data across design, site, and asset systems that were never meant to talk
  • Pragmatic security for a distributed, project-based, multi-supplier workforce
  • Getting value from BIM, IoT, and site data without a runaway technology spend
  • Protecting commercially sensitive bid and project data across the supply chain

We help built-environment firms digitise deliberately — choosing the few integrations and controls that move the needle, and keeping security proportionate to a project-based reality.

Sets the bar:Cyber EssentialsISO 27001ISO 19650 (information management)
Talk to us about construction & built environment
Unregulated

Professional services

Client trust and confidentiality are the franchise. Productising expertise with AI is the opportunity — and the place reputations are most easily lost.

Where we're brought in

  • Adopting AI to productise services without leaking confidential client data
  • Meeting client and enterprise security expectations to win and keep accounts
  • Modernising delivery and knowledge systems without disrupting fee-earners
  • Governing data and access across partners, contractors, and clients

We help firms turn expertise into AI-assisted, productised services — with the data governance and security that keeps clients confident and accounts intact.

Sets the bar:ISO 27001Cyber EssentialsGDPR / data protectionNIST CSF
Talk to us about professional services

Work in a sector not listed?

The principles — sound architecture, real security, pragmatic AI — apply broadly. Tell us about yours.

Book a consultationphil.baker@amaya.technology