Process - Strodeo

This is how we work

From the first meeting to finished delivery, no surprises.

1. Free Call (30min)

We listen to your situation. You tell us about your AI systems and challenges. You pay nothing. No obligations. If we can help, we tell you how.

2. We Send a Quote

Within 2 working days you will receive a clear quote: exactly what is included, what it costs, how long it will take. No hidden costs.

3. You Fill Out the Form

After an approved quote, we send you a structured questionnaire. It takes 20-30 minutes to fill out. It gives us the information we need to make an accurate analysis.

4. Kickoff & Deep Analysis

We hold a focused meeting to validate your answers and uncover hidden "Shadow AI". After this, we map your entire setup against relevant framework requirements.

5. Your Roadmap & Documents

We generate your custom compliance deliverables. You receive a concrete action plan, fully drafted policies, risk registers, and system inventories tailored to your organization.

6. Executive Presentation

We walk your leadership team through the final Assessment Report. We highlight critical risks, explain the legal implications, and outline the strategic next steps for continuous compliance.

Do we need to complete an AI Risk Assessment before ordering ISO 42001 preparation?

Yes, typically our AI Risk Assessment is the required foundational step. To build a robust Artificial Intelligence Management System (AIMS) for ISO 42001, we first need a clear baseline of your current AI inventory and vulnerabilities. If you haven’t done one yet, we can bundle these services together for a seamless process.

Can we purchase individual services, or do we have to buy a package?

You can absolutely purchase standalone services. While our offerings are designed to follow a logical progression (e.g., Risk Assessment leading to EU AI Act Compliance), each service is a self-contained project that delivers immediate, concrete value and specific documentation for your business.

How long does an average engagement take?

It depends entirely on the scope of the service. A targeted AI Vendor Due Diligence takes just 3–5 days, while a comprehensive AI Risk Assessment takes about 2–3 weeks. A full ISO 42001 preparation project is our most extensive engagement and typically spans 2–4 months. We always agree on a clear timeline before starting.

Do you issue the official ISO 42001 certification yourselves?

No, and no credible consultant should. To maintain strict objectivity and avoid conflicts of interest, we act as your expert implementation partner. We prepare your entire organization, build the framework, and generate the documentation. Once you are fully ready, you undergo the official audit with an accredited, independent certification body.

What happens if we are not satisfied with the results?

We operate on fixed-price contracts with clearly defined deliverables. There are no hidden hourly fees. If the final documentation or analysis does not meet the regulatory scope agreed upon in our initial proposal, we will revise the deliverables until they do. Your compliance and security are our ultimate priorities.

How much time will this require from our internal team?

We respect your time. By utilizing our digital assessment forms before our meetings, we eliminate the need for endless workshops. You can expect your IT and compliance leads to spend a few focused hours answering questions and attending our validation meetings, rather than weeks away from their core tasks.

Is our sensitive company data and IP safe during your analysis?

Absolutely. We operate under strict Non-Disclosure Agreements (NDAs) signed before any work begins. We only review the data necessary for the compliance and risk assessment. We do not need access to your proprietary source code, underlying algorithms, or raw customer databases.

Do you also help us implement the technical IT fixes you recommend?

To remain a completely independent and objective auditor of your compliance status, we do not build or code the technical IT systems ourselves. However, we provide you with an exact, prioritized technical roadmap, and we can recommend certified IT partners from our trusted network to help you patch the vulnerabilities.

Are your frameworks updated with the latest EU AI Act and NIS2 mandates?

Yes. The regulatory landscape for AI and cybersecurity is shifting rapidly. Our assessment engines and policy templates are continuously updated to reflect the absolute latest legal requirements, ensuring your business stays ahead of the curve and avoids regulatory fines.