Home Services About Contact Book a Consultation
Cybersecurity & GRC Consulting

Strengthening Cybersecurity.
Enabling Compliance.
Building Trust.

Secure91 provides practical cybersecurity and compliance solutions to help organizations identify risks, strengthen security controls, and prepare for industry-recognized frameworks.

Your security is our priority.

Book a Consultation Explore Our Services
Secure91 cybersecurity
ISO 27001
Certified Methodology
5+
Compliance Frameworks
60s
Vendor Risk Scan
3
Core Service Areas
24/7
Threat Monitoring
How We Work

Our Process

Every engagement follows a structured, transparent process — so you always know where you are, what comes next, and what you will receive.

Step 01
🔍

Discovery & Scoping

We start with a focused conversation to understand your organisation, regulatory environment, existing controls, and timeline — so our work is targeted and efficient from day one.

→ Scoping document & agreed statement of work
Step 02
📋

Assessment & Analysis

We gather evidence, test controls, review documentation, and interview key stakeholders. Everything is mapped against the relevant framework so findings are immediately actionable.

→ Detailed findings with severity ratings & evidence
Step 03
📊

Reporting & Prioritisation

Executive summary for leadership, technical report for your team. Every finding includes a severity rating, plain-English explanation, and specific recommended action.

→ Executive report & technical findings document
Step 04
📤

Debrief & Handover

We walk your team through every finding, explain the recommended prioritisation, and answer questions. The remediation roadmap is structured so your internal team or implementation partner can act on it immediately — without needing further guidance from us.

→ Remediation roadmap walkthrough & client takes ownership of all actions
Step 05
🔁

Optional Follow-Up Advisory

Once your team has worked through the remediation actions, we can return to review progress, clarify findings, or answer questions that arise during implementation. This is an advisory review — we assess and advise on what your team has done, not perform the work ourselves.

→ Progress advisory session & updated findings review (if required)
Step 06
🔄

Ongoing Advisory & Monitoring

Security is a programme, not a project. We provide ongoing advisory support — answering questions, reviewing changes, and advising on new risks as they arise. Vendor risk monitoring is automated via VendorGuard for Business and Enterprise clients.

→ Periodic advisory sessions & automated vendor threat monitoring
Start the Process →
Common Questions

Frequently Asked Questions

A cybersecurity assessment evaluates your actual security posture — how well your controls protect you against real threats. A compliance audit checks whether you meet a specific standard such as ISO 27001 or POPIA. You can be compliant on paper yet still be vulnerable, and vice versa. Secure91 helps you achieve both.
For most small to mid-sized organisations, a realistic timeline from gap analysis to certification is 6 to 12 months. The variance depends on the maturity of your existing controls, team availability, and whether remediation work is needed before the audit.
Yes. POPIA applies to any organisation that processes personal information of South African data subjects, regardless of size. If you store customer names, employee records, or supplier contacts — you are a responsible party under POPIA. The Information Regulator does not provide size exemptions. Non-compliance carries fines of up to R10 million or 10 years imprisonment.
VendorGuard is an AI-powered vendor risk platform that produces a structured, ISO 27001-aligned risk report on any vendor in 60 seconds. A traditional consultant-led assessment typically takes 2–4 weeks and costs R15,000–R50,000 per vendor. VendorGuard delivers the same structured assessment at R399 per scan — complementing consultant expertise rather than replacing it.
Enterprise clients, financial institutions, and government buyers increasingly require ISO 27001 as a condition of doing business — often without warning. Certification takes 6–12 months, so if a large contract arises and you're not certified, you may lose it before you can respond. Organisations that build compliance ahead of demand are better positioned in every procurement process.
Absolutely — this is one of the most common situations we encounter. Many organisations begin an ISO 27001 or POPIA programme internally and stall because the team runs out of capacity or the scope becomes unclear. We can step in at any point, conduct a gap analysis, and provide the specific support needed to move forward. You don't need to start over.
VendorGuard addresses this directly — because it uses publicly available intelligence (CVE databases, SSL certificate records, internet exposure data), it can produce a meaningful risk assessment without any input from the vendor. This allows you to make an informed decision and add protective clauses to the contract without depending on vendor cooperation.
All engagements are governed by a Non-Disclosure Agreement signed before any work begins. Information shared during an assessment is used solely for the engagement and never shared with third parties. Secure91 applies the same security standards to your information that we help our clients achieve in their own organisations.
Yes. While we have specific expertise in POPIA compliance, our broader offering — ISO 27001, SOC 2, GDPR, POPIA, and third-party risk via VendorGuard — is globally applicable. We work remotely with clients across Africa and can engage internationally on the frameworks that apply to their environment.
Book a free 30-minute consultation using the Contact page — no commitment, no sales pitch. You can also run a free vendor scan at vendorguard.co.za with no account required. We follow up within one business day of any enquiry.
Client Feedback

What Our Clients Say

💬

Coming soon

We are currently working with our first clients and will share their feedback and success stories here soon. If you would like to be one of our early reference clients, we would love to hear from you.

Become an Early Client
Vendor Risk Intelligence Platform

Introducing VendorGuard

The only vendor risk platform built for GRC teams who need audit-ready reports without the six-week questionnaire process. Scan any vendor in 60 seconds.

🌐
Real Intelligence — Not Estimates
Every scan queries NVD NIST for CVEs, crt.sh for SSL certificate history, and Shodan for internet exposure. AI analysis on top of real signals, not guesswork.
📊
Audit-Ready Reports in 60 Seconds
Overall risk score, 6-domain breakdown, critical findings, remediation roadmap, and a fully mapped ISO 27001 Annex A.15 evidence table — ready for your next audit.
🔌
Connects to Your Existing Systems
Integrates with SAP, Salesforce, ServiceNow, Jira, Google Sheets and more — automatically importing your vendor register.
🤖
AI Copilot for Your Portfolio
Ask plain-English questions about your entire vendor portfolio and get answers instantly — no report pulling required.
Free to start

See VendorGuard in action

Scan any vendor in 60 seconds. No account required for your first report.

Run a Free Scan → Book a Live Demo
StarterFree
Pay As You GoR399/scan
BusinessR2,500/mo
EnterpriseCustom
Get Started

Ready to Secure Your Organisation?

Whether you need a cybersecurity assessment, compliance guidance, or a vendor risk programme — Secure91 has the expertise and the tools to get you there.

Book a Consultation View All Services
What We Do

Three Areas. Maximum Impact.

We focus where organisations face the greatest exposure — cybersecurity posture, regulatory compliance, and third-party risk. Expert guidance that delivers measurable, lasting results.

Service 01

Cybersecurity Assessments

Know exactly where you stand. Fix what matters most.

You can't protect what you haven't measured. Our assessments give organisations a clear, evidence-based picture of their security posture — identifying gaps, prioritising risks, and producing a structured remediation roadmap your team can act on immediately.

Secure91 assesses and advises only. We do not implement fixes, draft policies, or configure systems. The report and roadmap are designed to give your internal team or implementation partner everything they need to act.

Every assessment concludes with an executive-ready debrief and a final report suitable for board reporting and audit evidence.

Designed for

Organisations preparing for a security audit, responding to an incident, undergoing digital transformation, or seeking an independent view of their risk exposure.

Request an Assessment

What We Assess

  • Network architecture and access controls
  • Endpoint protection and patch management
  • Identity and privilege management
  • Incident detection and response capabilities
  • Cloud and hybrid environment security
  • Physical security and operational controls

What You Receive

  • Comprehensive risk findings report with severity ratings & evidence
  • Prioritised remediation roadmap for your team or implementation partner to act on
  • Executive summary suitable for board and senior leadership reporting
  • Control gap matrix — what is missing, how serious, and what needs to be done
Service 02

Compliance Readiness

Navigate the frameworks that matter — without the guesswork.

Compliance readiness is an independent assessment of how well your organisation currently meets the requirements of a chosen framework. Secure91 evaluates your existing controls, documentation, and processes, identifies the gaps, and delivers a clear written report with prioritised recommendations.

The work of closing those gaps — drafting policies, building a risk register, implementing controls — is the responsibility of your team. If you require implementation support, we can recommend suitable partners.

We support ISO 27001, SOC 2, POPIA and GDPR — both local and international regulatory environments.

Start a Compliance Review

Frameworks We Support

ISO 27001International

Information security management system standard — demonstrates systematic control of information security risks.

SOC 2US Origin

Trust framework covering security, availability, and confidentiality — required by many enterprise clients and SaaS buyers globally.

POPIASouth Africa

Protection of Personal Information Act — mandates lawful, transparent processing of personal data of South African data subjects.

GDPREuropean Union

General Data Protection Regulation — governs personal data of EU residents, with extraterritorial reach for any organisation handling EU data.

Service Includes

  • Control-by-control gap analysis against your target framework
  • Every gap rated by severity — Critical, High, Medium, or Low
  • Prioritised recommendations report — what needs to be done and in what order
  • Debrief session to walk your team through all findings and answer questions
Service 03
Powered by VendorGuard

Third-Party Risk Management

Your vendors are part of your attack surface. Manage them like it.

VendorGuard is our AI-powered vendor risk intelligence platform. It scans any supplier in 60 seconds — pulling real CVE data, SSL certificate history, and internet exposure signals — and produces an ISO 27001-aligned risk report your auditor will accept.

We help organisations build a structured third-party risk management programme — from policy and process design through to ongoing monitoring and annual review cycles.

What VendorGuard Delivers

  • AI risk score with 6-domain breakdown (0–100)
  • Live CVE data from NVD NIST — real vulnerabilities
  • ISO 27001 Annex A.15 evidence table — audit-ready
  • Prioritised remediation roadmap per vendor
  • Vendor register with lifecycle tracking
  • Integrations: SAP, Salesforce, ServiceNow, Jira + more
  • AI Security Copilot for plain-English questions

Pricing

StarterFree forever
Pay As You GoR399/scan
BusinessR2,500/month
EnterpriseCustom pricing
Get Started

Not Sure Where to Start?

Book a free 30-minute consultation. We'll listen to your situation and tell you honestly which service will have the most impact for your organisation right now.

Book a Free Consultation
About Secure91

About Secure91

A cybersecurity and risk advisory firm that helps organizations assess, understand, and improve their security posture through expert-led analysis and guidance.

Secure91
Who We Are

Who We Are

Secure91 is a cybersecurity and risk advisory firm that helps organizations assess, understand, and improve their security posture through expert-led analysis and guidance.

We specialize in delivering clear, structured insights into cybersecurity risk, governance, and compliance, aligned with internationally recognized standards, frameworks, and regulatory requirements.

Our focus is to provide organizations with the clarity they need to make informed, risk-based decisions and strengthen their security maturity with confidence.

Founder

Jacqueline Segooa

Jacqueline Segooa is a cybersecurity governance and compliance professional with experience supporting security, risk, and compliance programs within enterprise environments.

Her expertise includes cybersecurity risk assessments, governance frameworks, and compliance advisory, with experience aligning organizations to internationally recognized standards, frameworks, and regulatory requirements, including ISO 27001, SOC 2, NIST Cybersecurity Framework (NIST CSF), POPIA, and GDPR.

She has contributed to strengthening governance structures, improving risk visibility, and supporting audit and compliance readiness initiatives.

Through Secure91, Jacqueline provides independent cybersecurity assessments and advisory services, helping organizations understand their security posture and make informed, risk-based decisions.

ISO 27001SOC 2 NIST CSFPOPIA GDPR
What We Do

Our Services

We provide independent advisory services that help organizations:

🔍

Cybersecurity Risk Assessment

Assess cybersecurity risks and identify control gaps across your environment.

📋

Security Posture Evaluation

Evaluate your security posture against leading standards and frameworks.

⚖️

GRC Advisory

Provide governance, risk, and compliance (GRC) advisory aligned to your business objectives.

Audit Readiness Support

Support audit readiness for regulatory and compliance requirements.

💡

Actionable Insights

Translate complex security expectations into clear, actionable insights your team can act on.

Our work is centered on assessment, evaluation, and guidance — helping organizations understand their current state and what needs to improve.

Our Approach

How We Work

At Secure91, we believe cybersecurity should be:

💬

Clear

Easy to understand, without unnecessary complexity.

⚖️

Objective

Independent and unbiased assessment with no conflicts of interest.

📊

Insight-Driven

Based on structured evaluation and analysis, not assumptions.

🎯

Business-Aligned

Supporting organizational goals and risk appetite at every step.

Why Secure91

Why Choose Us

Organizations choose Secure91 because we deliver:

Clear and structured cybersecurity assessments

Independent, objective advisory with no product bias

Alignment to globally recognized standards and regulations

Actionable insights to support informed decision-making

A focus on clarity, not complexity

We work with organizations that value professionalism, structure, and informed decision-making in their cybersecurity and compliance efforts.

What Drives Us

Mission, Vision & Values

🎯

Our Mission

To provide clear, practical cybersecurity risk and compliance insights that enable organizations to make informed, risk-based decisions.

👁

Our Vision

To support organizations in building resilient security programs grounded in strong governance, risk awareness, and alignment to global standards and regulations.

💎

Integrity

We operate with transparency, independence, and professionalism in every engagement.

Clarity

We simplify complex cybersecurity requirements into clear, actionable insights.

📈

Continuous Improvement

We support organizations in strengthening their security maturity over time.

Ready to Work Together?

Let us start with a conversation about your security goals and how Secure91 can help.

Get in Touch

© 2025 Secure91. All rights reserved.

Privacy Policy
Get in Touch

Contact Secure91

If you would like to learn more about our cybersecurity services or discuss your organization's security needs, we would be happy to connect.

Contact Information

📞

Phone

+27 60 316 2580

📧
📍

Location

South Africa

Response Time

We aim to respond to all enquiries within 24-48 hours on business days.

Send an Enquiry

Please complete the form below and a member of the Secure91 team will respond to your enquiry.

© 2025 Secure91. All rights reserved.

Privacy Policy
Legal Documents

Privacy Notice & Terms of Service

These documents govern your use of the Secure91 website and describe how we collect, use, and protect your personal information.

Effective: 1 January 2025  ·  Last Updated: March 2025

© 2025 Secure91. All rights reserved.

Privacy Policy Terms of Service Cookie Policy