Interconnekt
ARC Programme

AI, Risk & Compliance

ARC is how we work with customers who'd rather have one accountable partner across the three pressures every modern SMB now faces: AI adoption, cyber risk, and compliance attestation. Three named delivery programmes, one cover engagement, one quarterly cadence, one principal who owns the integrated view.

Book an ARC Discovery CallSee pricing
Next step

Ready to scope AI, Risk & Compliance for your business?

Book an ARC Discovery CallSee pricing
What’s included

Scope that’s actually defined.

Every inclusion below is documented, delivered, and renewable under our standard agreement. No surprise scope. No silent exclusions.

A. Advisory and AI

vCIO and vCISO leadership voice paired with Copilot Ready as the AI execution arm. Strategy that owns the roadmap plus an AI rollout that respects your data hygiene.

R. Risk

Security Foundations delivers managed MDR, email and endpoint security, awareness training, immutable backup, and an incident response retainer. Tools an SMB can actually operate.

C. Compliance

Compliance Foundation Programme delivers CIS Controls v8 implementation, Essential Eight maturity uplift, evidence management, and annual reattestation. Programmes that get implemented, not just referenced.

Quarterly cadence

Programme reviews every quarter across all three pillars. One conversation, one risk register, one roadmap rather than three vendor relationships drifting out of sync.

Modular delivery

Start with the pillar that's most urgent and add the others as priorities surface. Each pillar has its own SOW; ARC has a cover engagement that strings them together.

Named principal

One senior who owns the integrated view across A, R, and C - so the AI rollout, the security baseline, and the compliance evidence are not three separate conversations.

What’s not included

The boundaries, stated up front.

Knowing where a service stops matters as much as knowing what it covers. Here’s what sits outside this engagement - so there are no awkward surprises later.

A bundle you can't unpick

ARC strings three programmes together, but each pillar has its own SOW. You can scope, see, and exit any pillar independently - it's a partnership, not a lock-in.

Hardware, licences, and metered cloud

ARC is the programme of work across A, R, and C. The underlying devices, Microsoft licences, and Azure consumption are billed at cost, as with every service.

The formal audit or legal sign-off

ARC gets you to an evidence-grade posture and a coherent roadmap. The formal audit opinion or legal attestation still comes from your assessor or auditor.

How we deliver

A sequence you can hold us to.

Every engagement runs the same four steps. You always know which one we’re in and what comes next.

  1. 01

    Scope

    We map your current state and agree exactly what's in and out, in writing, before any work or invoice. No surprise scope, no silent exclusions.

  2. 02

    Plan

    A documented plan with milestones, owners, and success criteria you can hold us to - so you know what good looks like before we start.

  3. 03

    Implement

    We do the work with change control and your sign-off at each gate. You see progress against the plan, not a black box.

  4. 04

    Operate

    Ongoing management, published performance, and a quarterly review that keeps the work honest and the roadmap current.

Frequently asked

The questions we get most.

Can we buy just one pillar?
Yes. Each pillar is a standalone engagement under its own SOW. ARC is a cover programme that strings them together with shared cadence and a single accountable principal. Customers often start with one pillar and add the others as priorities surface.
How does ARC relate to Strategic Advisory?
Strategic Advisory is the leadership side of the A pillar. Customers buying ARC get vCIO and vCISO capability inside the programme. Customers who only want the leadership voice can engage Strategic Advisory on its own, without the delivery work in the R and C pillars.
Is ARC only for regulated industries?
No. ARC works for any SMB that wants a single named partner across AI adoption, security, and compliance. Regulated industries (finance, healthcare, professional services with cyber-insurance pressure) hit the ARC value sooner because the three pressures arrive together. Other SMBs adopt ARC for coherence, not regulatory urgency.
How long is the ARC engagement?
Typically 12 to 36 months with quarterly programme reviews. The first quarter focuses on baseline assessments across all three pillars. Subsequent quarters work through the prioritised remediation list. Customers can exit any individual pillar at SOW renewal without affecting the others.
What does ARC cost?
Pricing is tailored to your size and risk profile - ARC is a multi-year programme so the cost reflects the breadth across A, R, and C plus the cadence. Book a discovery call and we'll size it against your current posture.
Related reading

Go deeper on ai, risk & compliance

Compliance · 9 min read

Asked for CIS Controls and the Essential Eight? Here's how they actually map.

Auditors and insurers increasingly want both CIS Controls v8 and the Essential Eight. They overlap, but they aren't the same shape. Here's the control-by-control mapping we use - and the four CIS controls the Essential Eight quietly leaves you exposed on.

Read articleCompliance · 6 min read

ML1 is enough. Most SMBs still overshoot.

The Essential Eight has three maturity levels. Most SMBs reach for ML2 or ML3 because the number looks better. Here's why ML1, done honestly, beats ML2 done badly - and what the gap actually costs.

Read articleOpinion · 4 min read

Why we publish our prices (and most MSPs don't)

The argument for transparent pricing, the objections we get, and the customers it brings - unfiltered. A post we've been threatening to write for two years.

Read article
Related services

Usually bundled with ai, risk & compliance

Compliance

Roadmap, remediation, and ongoing attestation against the CIS Critical Security Controls and the Australian Essential Eight. Frameworks that actually get implemented, not just referenced.

Learn more

Cyber Security

Managed MDR, email and endpoint security, security awareness training, and incident response - delivered through vetted partner platforms. Built for SMBs who can't afford an incident.

Learn more

AI

Microsoft 365 Copilot deployment, AI governance policies, enablement workshops, and practical AI workflow consulting. Copilot for your business, governed properly.

Learn more

Strategic Advisory

IT roadmap, budgeting, and board-level reporting. Security strategy and technology governance - vCIO and vCISO capability without the head count.

Learn more
Ready when you are

Leave the MSP that doesn’t pick up.

Tell us what your current setup looks like. We’ll send back a quote, a transition plan, and a firm date you’d be onboarded - within 48 hours.

Response
Within 48 hours
Format
Written quote
Discovery call
Not required
Contracts
No lock-in terms

We’ll respond within 48 business hours. No spam, ever.