Our Manifesto

We believe compliance should be continuous, not episodic.
A practice, not a project.

Most compliance consultancies are built around the moment of certification. A project starts, a certificate is issued, and the relationship ends. We are built differently. We are the partner that stays, keeping your frameworks current as standards evolve, your business changes, and audit expectations increase.

Our clients are complex, accountable organisations: law firms, regulated businesses, public sector bodies, national brands. They do not need someone to hand them a framework and walk away. They need someone who understands their history, knows their standards as well as their own team does, and is there when it matters, including between the audits.

That is the model we have built. And it is why our relationships are measured in years, not engagements.

Leadership

Built on genuine depth.

Secure Step Forward was founded with a deliberate intention: to build a consultancy structured around continuity, not transactions. Senior expertise on every engagement, not a principal who sells and a junior who delivers.

John Pridgeon

Founder & Principal Consultant · MSc Information Technology (Distinction)

John has spent 25 years in IT and technology services, spanning technical delivery, business development, and governance and compliance. He understands technology from the inside, which means the frameworks he builds are grounded in operational reality, not just standards language.

His approach is direct, practical, and focused on building things that last, not frameworks that impress at audit and decay between them.

How we staff engagements

Every engagement is led directly by John. Where a project requires specialist depth, such as penetration testing oversight, legal sector data protection expertise, or specific technical implementation, we draw on a trusted network of specialist associates who work to the same standards and approach. Our clients deal with senior people throughout. That is not a policy. It is the model.

Our Approach

What makes the difference.

We embed, not parachute. We take the time to understand your organisation's history, context, and constraints. The work is tailored to your situation, not adapted from a template.

We build for sustainability. Every framework we deliver is designed to be owned and maintained by your team. External dependency is never the goal. Genuine operational resilience is.

We stay current. Standards change. Regulations evolve. We track developments across all the frameworks we work with and proactively advise clients on what they need to do, before their auditor tells them.

We speak plainly. Compliance has a language designed to obscure rather than clarify. We translate it. Our board reports, our findings, and our recommendations are written for the people who need to act on them.

Ready to find out if we are the right fit?

A 30-minute conversation will tell us both. No obligation, no sales pitch. Just a clear view of where you are and whether we are the partner to help you move forward.