Golonex

Use cases

Readiness, in the shape of real situations.

Compliance pressure rarely arrives as a tidy checklist — it arrives as a deadline, a stalled deal, or a board question. These are the situations regulated mid-market firms bring us, and how a readiness engagement answers each.

Representative readiness scenarios that illustrate how we work — not specific client engagements. As engagements close, we'll add anonymized results here.

Cybersecurity · EDR · SOC

A business with no endpoint visibility after a near-miss

A 150-endpoint professional services firm had no EDR, no SIEM, and no alerting. A phishing email that reached finance forced the board to act.

The readiness path
  1. Deploy and tune EDR across all endpoints within two weeks
  2. Onboard SIEM with endpoint, firewall, and Microsoft 365 log sources
  3. Stand up 24×7 SOC with a dedicated analyst team and defined escalation runbooks
You walk away with
  • Full endpoint visibility and behavioural threat detection
  • A live SIEM correlating events across the entire environment
  • 24×7 monitoring with a named analyst team — not a shared pool
EDR · MDR · SIEM · 24×7 SOC

Cybersecurity · Email Security · BEC

A firm losing money to business email compromise

The finance team at a mid-market firm received spoofed supplier invoices that bypassed their basic email filter. Two payments went to fraudulent accounts before the fraud was caught.

The readiness path
  1. Deploy advanced email security with BEC detection and AI-based spoofing analysis
  2. Enforce DMARC, DKIM, and SPF across all sending domains
  3. Train staff and build a reporting workflow for suspected phishing
You walk away with
  • BEC and phishing blocked at the gateway before they reach inboxes
  • Full DMARC enforcement preventing domain spoofing
  • A tested staff reporting process so threats surface fast
Email Security · BEC Protection · DMARC · Anti-Phishing

Cybersecurity · Backup · Ransomware Resilience

A business that had no recovery plan when ransomware hit

A manufacturing SMB was encrypted by ransomware on a Friday evening. Backups existed but were also on the same network segment — entirely inaccessible.

The readiness path
  1. Implement immutable, offsite backups with tested restore procedures
  2. Define RPO and RTO targets and build a DR runbook the team can actually execute
  3. Conduct a live DR drill and close any gaps before the next incident
You walk away with
  • Immutable backups isolated from the production network
  • A tested DR runbook with defined recovery time targets
  • Confidence that the next incident is a recovery drill, not a crisis
Backup & DR · Ransomware · Business Continuity · Immutable Backup

SaaS · Enterprise Sales

A SaaS vendor losing deals to the security questionnaire

Enterprise buyers keep asking for SOC 2 and ISO 27001. Deals stall in procurement while the team answers vendor questionnaires by hand.

The readiness path
  1. Build a real ISMS (ISO 27001) — risk assessment, Statement of Applicability, Annex A controls
  2. Get SOC 2-ready and coordinate the CPA engagement
  3. Crosswalk one control program across both
You walk away with
  • An ISO 27001-ready ISMS with an owned evidence pack
  • SOC 2 attestation readiness (report issued by a licensed CPA firm)
  • Faster, defensible answers to every security questionnaire
ISO 27001 · SOC 2 · vCISO

AI Product · EU AI Act

An AI product company unsure if it's a "provider"

The product embeds AI and sells into the EU. Nobody can say whether the company is a provider or deployer, which systems are high-risk, or what ISO 42001 demands.

The readiness path
  1. Inventory and classify every AI system and use case
  2. Map EU AI Act obligations to role and risk tier
  3. Stand up an ISO 42001 AIMS with human-oversight + logging controls
You walk away with
  • A complete AI inventory with risk classification
  • An ISO 42001-aligned management system
  • Provider/deployer obligations mapped and evidenced
ISO 42001 · EU AI Act · NIST AI RMF · vCAIO

HR-Tech · High-Risk AI

A hiring platform under EU AI Act scrutiny

AI ranks and screens candidates — a high-risk category under the EU AI Act — on top of heavy personal-data processing across multiple jurisdictions.

The readiness path
  1. Classify the hiring AI and its high-risk obligations
  2. Implement human-oversight, transparency and record-keeping
  3. Bridge AI governance with privacy (ISO 27701, GDPR/DPDP)
You walk away with
  • High-risk AI controls and technical documentation
  • Privacy and AI governance run as one connected program
  • Evidence ready for customer and regulator due diligence
EU AI Act · ISO 42001 · ISO 27701 · GDPR

Health-Tech · PHI

A health-tech firm with PHI and clinical AI

Sensitive health data flows through AI-assisted workflows. The team needs HIPAA Security-Rule safeguards and an ISMS — without overpromising clinical compliance.

The readiness path
  1. Build an ISO 27001 ISMS over the PHI environment
  2. Implement HIPAA Security-Rule safeguards (data-security scope)
  3. Layer ISO 27701 privacy + AI governance where AI touches care
You walk away with
  • A defensible ISMS and HIPAA Security-Rule evidence
  • Privacy management mapped to the data you actually hold
  • Clear scope — security safeguards, not clinical compliance
ISO 27001 · HIPAA Security Rule · ISO 27701

Mid-Market · Multi-Framework

One team, four overlapping frameworks

A regulated mid-market firm carries SOC 2, ISO 27001, PCI and HIPAA expectations at once — and has no team to run four parallel compliance projects.

The readiness path
  1. Map the union of controls across every framework in scope
  2. Implement one control program, crosswalked to each
  3. Run it with fractional leadership + a delivery team
You walk away with
  • A single control program satisfying many frameworks
  • One owned evidence pack, multiple audiences
  • Comply once, satisfy many — without four projects
SOC 2 · ISO 27001 · PCI DSS · HIPAA

AI Automation · Operations · Multi-Agent

Vendor Risk Assessment Automation

A mid-market operations firm is drowning in manual vendor risk assessments: 3 weeks per vendor, and a 40-vendor backlog with no sign of shrinking.

The readiness path
  1. Design multi-agent risk assessment workflow with automated document extraction
  2. Build policy cross-referencing engine and structured risk scoring layer
  3. Implement human-review gate on all outputs before finalisation
You walk away with
  • Automated assessment pipeline
  • Structured risk output with audit trail
  • Human-review gate for every vendor decision
AI Automation · Multi-Agent · Operations · Risk Scoring

AI Automation · IDP · Legal · Air-Gapped

Intelligent Document Processing — Legal Firm

At a legal firm, each lawyer spends 6 hours/week extracting data from contracts and NDAs into matter management, entirely by hand.

The readiness path
  1. Build IDP pipeline with structured extraction and field-level validation
  2. Integrate with matter management system via secure API
  3. Deploy air-gapped to meet data residency and client confidentiality requirements
You walk away with
  • Zero manual data entry from contracts and NDAs
  • Air-gapped deployment meeting data residency requirements
  • LLM extraction with human-validation spot-check layer
IDP · AI Automation · Legal · Air-Gapped

EU AI Act · DPDP · HR-Tech · Compliance

EU AI Act Compliance for AI-Powered HR Screening

An HR-tech platform using AI screening tools faces EU AI Act high-risk classification and DPDP obligations on candidate data across multiple markets.

The readiness path
  1. Run EU AI Act deployer compliance path (Path B scorecard) and high-risk classification
  2. Design DPDP consent architecture for candidate data processing
  3. Complete Fundamental Rights Impact Assessment and bias audit documentation
You walk away with
  • EU AI Act deployer controls implemented and documented
  • FRIA completed and evidenced
  • DPDP consent flows and bias audit documentation
EU AI Act · DPDP · HR-Tech · Bias Audit

Don't see your situation?

Tell us what's forcing the question.

A deadline, a questionnaire, a board ask — book a readiness review and we'll scope exactly what you're in for and what it takes to be ready.