Home Capabilities How We Work M365 E7 Partnering About Contact
ACCREDITATION
Northforge / How We Work
The Forge Method™

Accreditation built in.
Not bolted on.
From day one.

Our team has delivered at SECRET. We know what assessors look for, what controls actually matter, and how to build platforms that pass — not just ones that look like they should.

our methodology
The Forge Method™

A structured four-phase methodology that embeds accreditation requirements into every stage of design, build and operations — so assessors receive complete, coherent packages, not retrospective documentation. Developed from real experience delivering at SECRET and PROTECTED.

01 — Assess
Security posture review
ISM control gap analysis, classification alignment, on-prem to cloud transition risks, existing artefact audit.
02 — Design
Accreditation-ready architecture
Control-mapped patterns, SSPS, risk registers and authority artefacts produced concurrently in assessor-ready formats.
03 — Implement
Secure platform build
Sovereign cloud, identity, endpoint and collaboration deployed against validated, pre-approved patterns.
04 — Operate
Continuous compliance
Governance, uplift and evidence collection to sustain accreditation through operational life.
Assessor-first artefacts

Every document produced in formats IRAP assessors expect — no reformatting, no rewriting post-design.

Pre-validated patterns

Reusable, pre-assessed design patterns drawing on real classified-environment experience — no proof-of-concept overhead.

Control-native design

ISM controls satisfied by platform and configuration choices — not addressed in documentation alone.

typical Protected programme
Timeline comparison
Without Northforge
~18–24 months
Architecture
3–4 mo
Artefacts
4–5 mo
IRAP assessment
3–4 mo
Remediation
4–6 mo
Re-assessment
2–4 mo
With Northforge
~8–12 months
Assess + Design
6–8 wks
Artefacts
concurrent
Implement
8–12 wks
IRAP assessment
6–8 wks
Remediation
minimal
~50%
Typical reduction in time-to-accreditation.
Artefacts produced concurrently with design. Remediation cycles reduced through control-native, classified-environment-informed architecture.
sanitised — programme details protected
Case study
Federal Defence Agency — Protected Environment
IRAP accreditation — secure collaboration platform
Accredited
The challenge

Programme stalled for 9 months — no accreditation-ready artefacts produced.

Commercial-default configurations failing ISM controls at PROTECTED.

No SSPS, no risk register — IRAP assessment couldn’t commence.

Fixed deadline — 6 months to accreditation or programme descoped.

What Northforge delivered

Redesigned cloud identity and endpoint posture in 6 weeks using pre-validated patterns.

Complete IRAP artefact package — SSPS, risk register, control evidence and SoA — produced concurrently.

IRAP assessment commenced within 10 weeks. Zero findings requiring re-assessment.

Operational capability achieved within the fixed deadline.

6wks
To IRAP-ready architecture
0
Re-assessment cycles
5mo
Total time to accreditation
produced by Northforge
Artefacts & deliverables
Architecture
DOC
System Security Plan (SSPS)
DOC
High-Level Design (HLD)
DOC
Low-Level Design (LLD)
DOC
Architecture Decision Records
Accreditation
XLS
ISM Statement of Applicability
XLS
Risk register
DOC
Security Risk Assessment (SRA)
DOC
Plan of Action & Milestones
Operations
DOC
Operational procedures
DOC
Incident response plan
DOC
Continuous monitoring plan
DOC
Supply chain risk management

Ready to move faster through accreditation?

Engage Northforge to scope your secure digital programme.

Start a conversation →