Capabilities Accreditation M365 E7 Partnering About Engage
Northforge / Accreditation Acceleration
The Forge Method™

Accreditation built in.
Not bolted on.
From day one.

Our team has delivered at SECRET. That means we know what assessors look for, what controls actually matter, and how to build platforms that pass — not just ones that look like they should.

The Forge Method™
our methodology

A structured four-phase methodology that embeds accreditation requirements into every stage of design, build and operations — so assessors receive complete, coherent packages, not retrospective documentation. Developed from real experience delivering at SECRET and PROTECTED.

01 — Assess
Security posture review
ISM control gap analysis, classification alignment, on-prem to cloud transition risks, existing artefact audit.
02 — Design
Accreditation-ready architecture
Control-mapped patterns, SSPS, risk registers and authority artefacts in assessor-ready formats — produced concurrently.
03 — Implement
Secure platform build
Sovereign cloud, identity, endpoint and collaboration deployed against validated, pre-approved patterns.
04 — Operate
Continuous compliance
Governance, uplift and evidence collection to sustain accreditation through the operational life of the environment.
Assessor-first artefacts

Every document produced in formats IRAP assessors expect — no reformatting, no rewriting after design is complete.

Pre-validated patterns

Reusable, pre-assessed design patterns for common Defence capability types — drawing on real classified-environment experience.

Control-native design

ISM controls satisfied by platform and configuration choices — not addressed in documentation alone.

Timeline comparison
typical programme, Protected environment
Without Northforge
~18–24 months
Architecture
3–4 mo
Artefacts
4–5 mo
IRAP assessment
3–4 mo
Remediation
4–6 mo
Re-assessment
2–4 mo
With Northforge
~8–12 months
Assess + Design
6–8 wks
Artefacts
concurrent
Implement
8–12 wks
IRAP assessment
6–8 wks
Remediation
minimal
~50%
Typical reduction in time-to-accreditation.
Artefacts produced concurrently with design. Remediation cycles reduced through control-native, classified-environment-informed architecture.
Case study
sanitised — programme details protected
Federal Defence Agency — Protected Environment
Secure Collaboration Platform — IRAP Accreditation
Accredited
The challenge

Programme had been in architecture phase for 9 months with no accreditation-ready artefacts produced.

Existing design used commercial-default configurations that failed ISM controls at PROTECTED.

No SSPS, no risk register, no authority artefacts — IRAP assessment couldn't commence.

Operational deadline was fixed — 6 months to accreditation or the programme would be descoped.

What Northforge delivered

Redesigned cloud identity and endpoint posture against pre-validated, classified-environment-informed patterns in 6 weeks.

Complete IRAP artefact package — SSPS, risk register, control evidence and SoA — produced concurrently with design.

IRAP assessment commenced within 10 weeks. Zero findings requiring re-assessment.

Operational capability achieved within the fixed deadline.

6wks
To IRAP-ready architecture
0
Re-assessment cycles
5mo
Total time to accreditation
Artefacts & deliverables
produced by Northforge
Architecture
DOC
System Security Plan (SSPS)
DOC
High-Level Design (HLD)
DOC
Low-Level Design (LLD)
DOC
Architecture Decision Records
Accreditation
XLS
ISM Statement of Applicability
XLS
Risk register
DOC
Security Risk Assessment (SRA)
DOC
Plan of Action & Milestones
Operations
DOC
Operational procedures
DOC
Incident response plan
DOC
Continuous monitoring plan
DOC
Supply chain risk management

Ready to move faster through accreditation?

Engage Northforge to scope your secure digital programme.

Start a conversation →