Security Assessments.

Know where you stand. Close the gaps. Prove it to your auditors.

Know Your Risk.

Every South African organisation faces increasing pressure to demonstrate cybersecurity maturity — from POPIA compliance obligations and cyber insurance requirements to ISO 27001 certification and government RFP submissions. The question is no longer whether you need a security assessment, but how quickly you can get one done.

AOLC delivers structured, thorough security assessments using certified Tier 3 and Tier 4 consultants. We don't just scan and hand you a PDF — we give you a prioritised, actionable remediation plan and help you close the gaps. Whether you need a vulnerability assessment, a full gap analysis, or active penetration testing, we tailor the engagement to your size, budget, and regulatory requirements.

Book an Assessment
Vulnerability Assessments.

Automated scanning to find unpatched systems, open ports, misconfigurations, and known CVEs.

Small

Up to 50 devices

Automated vulnerability scan across your environment with full CVE scoring, a prioritised remediation plan, and an executive summary. Delivered in 5 business days.

Get a Quote

Medium

51 – 200 devices

Expanded scope covering servers, network devices, Active Directory configuration review, and network segmentation assessment. Full CVE scoring and prioritised remediation. Delivered in 7 business days.

Continuous Monitoring

Ongoing protection

Monthly automated re-scans with new CVE alerts and a monthly delta report showing what changed. Initial vulnerability assessment included at no extra charge so you start with a clean baseline.

InfoSec Gap Assessments.

Structured review against ISO 27001, NIST CSF, and POPIA — with a 12-month security roadmap.

Small

Up to 25 users

Policy review, technical controls assessment, staff awareness spot-check, gap register, 12-month security roadmap, and executive presentation. Everything you need to understand where you stand and what to fix first.

Medium

26 – 100 users

Everything in Small, plus expanded technical scope, full policy library review, vendor risk summary, on-site half-day assessment, and board-ready maturity scoring. Built for organisations with compliance obligations.

Large

100+ users

Everything in Medium, plus multi-site scope, full NIST CSF maturity scoring, detailed control implementation guide, two on-site days, quarterly progress reviews, and a certification-readiness opinion for ISO 27001.

Penetration Testing.

Certified ethical hackers actively exploit your weaknesses — so real attackers can't.

External

Up to 5 IPs / domains

Public-facing exploitation of your internet-exposed assets. Detailed technical report and executive summary with all findings scored using CVSS methodology.

Standard

Internal + External, up to 50 assets

Everything in External, plus internal network penetration testing, Active Directory attack path analysis, segmentation breach testing, and privilege escalation attempts.

Comprehensive

100+ assets

Full environment, multi-day engagement by two certified specialists. Includes cloud tenant testing, application-level testing, optional physical security testing, and a board briefing on findings.

Managed SIEM.

Centralised log analytics and threat correlation — monitored 24/7 by our SOC.

SME

Up to 25 devices

Centralised log ingestion, Microsoft 365 and cloud correlation, 24/7 SOC monitoring, 12-month log retention, and monthly compliance reports. Real security monitoring without building your own SOC.

Business

26 – 100 devices

Everything in SME, plus expanded log sources, advanced correlation rules, 30-minute analyst SLA, quarterly SOC review, and API export for cyber insurance evidence submissions.

Enterprise

100+ devices

Everything in Business, plus unlimited integrations, a dedicated SOC analyst, monthly executive threat briefing, SOAR-assisted automated playbooks, and custom compliance dashboards.

Incident Response Retainers.

Pre-breach coverage — so when an attack happens, we respond in hours, not days.

Basic

10 hours / year

Pre-signed IR agreement, zero-execution containment, digital forensics, and an insurance-ready breach report. 1 business day SLA from notification to active response. Unused hours are convertible to proactive security services.

Standard

20 hours / year

Everything in Basic, plus a 4-business-hour SLA, annual tabletop exercise, IR playbook review, and a named IR case manager. Unused hours are convertible to any Tier 3 or Tier 4 consultancy engagement.

Why Assessments Matter.

POPIA Compliance

Demonstrate accountability under Section 22 with documented security controls and gap remediation.

Cyber Insurance

Most SA insurers now require VA reports, IR retainers, and evidence of regular phishing testing.

ISO 27001

Gap assessments map directly to ISO 27001 controls — the fastest path to certification readiness.

Government RFPs

AOLC reports support SITA/DPSA cybersecurity compliance submissions.

Request an Assessment.

Tell us what you need evaluated and we'll scope the right engagement.