Before we implement anything,
we need to understand everything.

The most expensive identity programmes are the ones that skipped the foundations. Our Business Analysis practice maps where you are, where you need to be, and exactly what it will take to close the gap — before a single platform is deployed.

Why Start Here

Most identity failures aren't technology failures.

They're requirements failures. The wrong platform was selected. Ungoverned processes were automated and made permanent. Questions that should have been asked in week one surfaced as scope creep in month six.

Our Business Analysis practice exists to de-risk everything that comes after it — requirements gathered properly, gaps mapped honestly, platforms selected on fit rather than familiarity, and processes designed before they're hard-coded into a system.

We've seen what happens when programmes skip this step. We don't let that happen to our clients.

Talk to us about your current state
Business analysis and requirements gathering
Our Process

From requirements to ready.

Four structured stages that build on each other — and feed directly into implementation and managed operations.

01 Discovery

Requirements Gathering

Structured discovery sessions with your security, IT, compliance and business stakeholders. We surface what you need — not just what you think you need. Business drivers, regulatory obligations, current-state pain points, risk appetite and stakeholder expectations are all mapped before any recommendation is made.

  • Stakeholder interview programme
  • Current-state identity estate review
  • Regulatory and compliance obligation mapping
  • Risk and priority classification
  • Documented requirements baseline
02 Analysis

Technology Gap Analysis

An honest assessment of where your current identity estate falls short. We map your current-state capabilities against your target state — identifying what is ungoverned, what is over-privileged, what is invisible, and where the highest risk exposure sits. No assumptions. No vendor spin.

  • Current vs target state capability mapping
  • Identity estate exposure assessment
  • Access governance maturity review
  • Tool and integration gap identification
  • Prioritised remediation roadmap
03 Selection

Platform Selection

Vendor-neutral platform recommendation based on your requirements — not ours. We work across SailPoint, Omada, One Identity, Microsoft Entra, CyberArk, Delinea, Flexera and more. We recommend what fits your environment, your team's capability and your budget. Then we help you evaluate, shortlist and select with confidence.

  • Vendor-neutral market review
  • Requirements-to-platform fit scoring
  • RFP and demo facilitation
  • TCO and licensing analysis
  • Selection recommendation and rationale
04 Design

Process Design

Identity and access processes designed before implementation begins — not retrofitted after. Joiner, mover and leaver workflows. Access request and approval flows. Certification campaigns. PAM authorisation paths. Designed with your business, documented clearly, and ready to be configured — not improvised during a sprint.

  • Joiner / mover / leaver process design
  • Access request and approval workflows
  • Role and entitlement model design
  • Access certification campaign design
  • PAM and privileged workflow design
What Comes Next

BA feeds directly into implementation.

Business Analysis is stage one of a full delivery lifecycle. Once requirements are defined, gaps mapped, platforms selected and processes designed — implementation begins with clarity, not assumptions.

Identity & Access Security

Verified identities, controlled privilege and secure authentication — deployed on the platform your BA recommended.

Explore IAS

Identity Governance & Administration

Governance programmes delivered against the processes your BA designed — not improvised during configuration.

Explore IGA

IT Asset Management

Asset visibility and cost control programmes scoped correctly from day one — because your BA mapped what was actually there.

Explore ITAM
Why It Matters

The cost of skipping BA is never visible — until it is.

Requirements failures, not technology failures

Most failed IGA and IAM programmes did not fail because the platform was wrong. They failed because the requirements were never properly defined — and the platform was configured against assumptions.

Platform selection without a gap analysis costs more

Selecting a platform before mapping your gaps is a gamble. Course-correcting mid-programme — re-scoping, re-licensing, re-integrating — costs significantly more than getting the selection right at the start.

Process debt is the hardest debt to pay back

Processes designed after deployment get built around what the platform does — not what the business needs. That technical debt follows you through every upgrade, every audit, and every new integration for years.

Start with clarity.

Want to begin with
a clear picture?

Talk to us before you commit to a platform, a vendor, or a programme scope. A conversation costs nothing. Starting without the right foundations costs a great deal more.

Talk to the Team Our Story