Built to pass the questions your auditors ask.
We assess SQL Server estates for a living. We hold our own access to the same standard we hold yours. Read-only, segregated, logged, and in-region.
Where SQL Server gets exposed — and how we close it.
A security review runs read-only first: we find the gaps, rank them by real exposure, and hand you a hardening plan with the evidence behind every finding.
Access & identity
Least-privilege roles, orphaned and over-privileged logins, the shared sa account everyone forgot. Who can do what — and who actually should.
Surface & exposure
What is switched on that need not be, and what is reachable from where it should not be. We shrink the attack surface to what the workload needs.
Encryption
At rest with TDE, in transit with TLS, and column-level for the data that truly warrants it. Mapped to what the regulation requires, not gold-plated.
Patching
Cumulative-update currency and a cadence you can evidence — so 'are you patched?' has a one-word answer, with a date.
Auditing & evidence
SQL Audit, login and change tracking, and a trail your auditors will accept. Findings, not opinions.
Recoverability
A ransomware story ends at your backups. We confirm they exist, they restore, and the DR plan has actually been run.
And we hold our own access to the same bar.
We are inside sensitive estates for a living, so the way we connect, store and hand back your data is held to the standard we would expect of you. In plain English:
Read-only by default
Assessments run read-only. No writes, no production impact. You see exactly what we run.
Per-client data segregation
Each client's data lives in its own isolated container. Clean permissions, clean offboarding.
Microsoft Entra ID + MFA
Portal access via Entra ID single sign-on with MFA. No local passwords stored in the application.
Signed-URL access
Deliverables are served through application-controlled, expiring signed URLs. No direct storage access.
Audit logging
Logins, downloads, uploads and report access are logged and retained for 12 to 24 months.
Data residency
Hosted in-region for NZ and AU clients, with US and other regions where a contract requires it.
No AI touches client data.
We use AI for our own blog and internal documentation. It never sits inside the client-data boundary, and it never analyses your reports or monitoring. That line is deliberate, and it does not move.
Master Services Agreement, insurance certificates and a completed security questionnaire are available on request.
References from enterprise clients are available under NDA. The fact that we hold them is the first answer to "can we trust you".
We slot in around your existing arrangements without disruption. Read-only by default, no agents left behind, no contest with your incumbent MSP or in-house team. We do the specialist work, hand back the evidence, and stay out of the way.