Programme Streams
A comprehensive, control-by-control maturity assessment across 17 security domains. Each of the 56 controls is evaluated against a four-level maturity model - from Not in Place through to Defined - with structured evidence requirements at each level.
Five high-impact controls assessed quarterly and delivered in the Portfolio QSR. RAG (Red, Amber, Green) ratings are derived from framework maturity levels, linking executive reporting to evidence-based assessment rather than subjective self-rating.