Core · Axulu Titanium

Stop firefighting
your own estate.

Hardened. Standardised. Recoverable.

Titanium is the IT operating base that evidence is built on. Not a new IT provider — the control layer your current provider never contracted to own.

Book a conversation →See what's included

Fixed-price review available · No long-term contract required to start

Where Titanium sits

Axulu's five layers move from evidence (Safe) through control (Titanium) to planning, acceleration, and senior judgement. Titanium is the foundation. You can start with a Defensibility Snapshot and discover you need Titanium — or you can start with Titanium and build evidence-readiness from the ground up.

Safe → evidenceTitanium → controlPlan → visibilitySupercharge → accelerationLeadership → judgement

Does this sound familiar?

The estate that works — until it's interrogated.

Your MSP keeps you running

But 'running' and 'evidenced' are different things. Your MSP is contracted to fix tickets. Nobody contracted them to own your proof.

Your estate is a patchwork

Legacy devices, inconsistent policies, verbal assurances about patching. The insurer doesn't accept verbal. The framework auditor doesn't either.

Everything works until scrutiny arrives

A cyber claim. A framework application. An FCA review. A PE buyer's technical due diligence. That's when the patchwork becomes a liability.

You don't know what you own

Shadow IT, unmanaged endpoints, personal devices with company data. You can't evidence controls you haven't mapped.

Your policies are fiction

MFA enforced. Backups tested. Incident plan maintained. The policy says so. The evidence doesn't exist.

One person holds it all together

Your IT manager, your MSP account manager, your compliance lead. Single points of failure aren't recoverable. They're liabilities.

The gap your MSP contract never closed.

In more than 95% of IT contracts, evidence obligations default to the client — not because the MSP is negligent, but because no one contracted otherwise. Your MSP is paid to keep things running. They are not paid to produce the evidence that your insurer, auditor, or framework body will demand.

Titanium closes that gap. We read your MSP contract, map what they own, identify what nobody owns, and take ownership of the evidence layer. Your MSP stays your MSP. We sit above them.

This is not a security audit. It is not a compliance checklist. It is a functioning, maintained, evidenced operating base — built on your existing Microsoft 365 environment — that satisfies your insurer, your auditors, and your board simultaneously.

Who actually owns each gap

Right now, it all defaults to you.

Evidence obligationYou nowYour MSPAxulu Titanium
Write and enforce MFA policyOn youAssumedWe own it
Backup restore testing with logsOn youAssumedWe own it
Endpoint patching evidenceOn youAssumedWe own it
Incident response planOn youWe own it
MSP contract gap analysisOn youWe own it
Evidence pack for insurer / auditorOn youWe own it
Named control ownership mapOn youWe own it
Board-level IT governance reportOn youWe own it

What you actually get

Five things Titanium delivers.

01

A standardised, documented IT baseline

Microsoft 365 tenant hardened to CIS/NCSC benchmark. Endpoint management via Intune or equivalent. Clear, written policies — not verbal understandings.

02

Evidence that exists and can be produced

MFA logs. Backup restore records with timestamps. Patch management reports. Named ownership of every control. All in a format an insurer, auditor, or buyer can interrogate.

03

Ownership that doesn't live in one person's head

Documented procedures. Tested recovery. Succession-proof. If your IT manager leaves tomorrow, the evidence stays.

04

A base that satisfies multiple scrutineers simultaneously

The same control set that satisfies your cyber insurer also satisfies your framework auditor, your FCA supervision, and your customer DDQ. Built once. Evidenced everywhere.

05

Senior human governance above the MSP

Axulu sits above your MSP. We don't replace them — we make sure the controls they implement actually satisfy your scrutineers. No scripts. No juniors.

Your sector. Your evidence bar.

The same problem. Different scrutineers.

Titanium is built for evidence-sensitive SMEs across sectors. The control layer is the same. The scrutineers — and the language they use — are different.

Construction sector
Construction supply chain

Scrutiny: Framework auditors · Primes · Cyber insurers

M&E contractors and subcontractors face Constructionline, CAS V4, and Procurement Act 2023 supplier requirements. WhatsApp photos and MSP verbal assurances don't satisfy Section 16–17 evidence requirements. A single PQQ rejection on cyber evidence grounds costs more than a year of Titanium.

Titanium outcome

A documented, evidenced IT control base that passes framework cyber sections — built on your existing Microsoft 365 environment, with ownership maps and restore logs that a prime contractor can actually review.

Construction sector page →
Financial services sector
Regulated financial services

Scrutiny: FCA · Cyber insurers · Client DDQs · PE buyers

SM&CR Duty of Responsibility means the named Senior Manager is personally liable if they cannot evidence reasonable IT governance steps. A verbal assurance from your MSP is not evidence. The FCA, your insurer, and an acquirer's technical due diligence team will all ask the same question: prove it.

Titanium outcome

An evidenced IT governance base mapped to SM&CR obligations, Consumer Duty operational resilience requirements, and cyber insurer declarations. The same evidence pack satisfies all three simultaneously.

Financial services sector page →

Important distinction

Titanium is not a replacement for your MSP.

Your MSP keeps the lights on. Titanium makes sure the controls your MSP implements are evidenced, owned, and defensible. We don't compete with your MSP. We read their contract, map what they own, and own what they don't.

If your MSP is already doing this, we'll tell you that. The Defensibility Snapshot finds out in five working days.

Senior judgement layer

Matthew — Principal & Founder, Axulu

"I built the locksmith for ten years. Then I built Axulu from the ground up to own the evidence layer. I know what an MSP contract says, what it excludes, and exactly where the gap lands. It lands on you. Every time."

Matthew — Principal & Founder

30 years across enterprise architecture, M&A integration, vCIO work, and cyber policy interpretation. Former CEO of a £12m MSP. Every Titanium engagement starts with senior human judgement — not a junior on a script.

TOGAF CertifiedCIO/CTO operatingvCIO · 40+ estatesFormer MSP CEOM&A integrationRegulated sectors

Common questions

What MDs, finance directors, and operations leads ask before signing.

We already have an MSP.

Titanium sits above your MSP, not instead of them. Your MSP runs your tickets and tools. Axulu makes sure the controls they implement are actually evidenced, owned, and defensible. Most MSP contracts explicitly exclude this — we start by reading yours.

We're too small for this.

The firms we work with are typically 10–200 staff. The scrutiny they face — insurer claims, framework audits, FCA supervision, sale processes — is not proportionate to headcount. The insurer doesn't ask how many staff you have before denying a claim.

We passed Cyber Essentials. That's enough.

Cyber Essentials tells you what controls to have. It doesn't produce the ongoing evidence that your controls were in place on the day of a breach, the day of a renewal, or the day of a framework audit. Those are different things.

Our IT manager handles this.

If your IT manager left tomorrow, would the evidence survive? Would the procedures be documented? Would the insurer be able to interrogate them? Single-point-of-failure IT governance is itself a risk your insurer can raise at claim time.

How is this different from consulting?

The Snapshot is fixed-scope consulting. Titanium is an ongoing operating layer — monthly evidence review, quarterly readiness assessment, live defensibility score. We sell outcomes, not days. Senior humans where judgement matters, software where it doesn't.

We've never had a claim denied.

Most businesses haven't — yet. The scrutiny environment has changed materially in the past 18 months. Insurers are now evidence-checking at claim time in a way they weren't before. The firms that built their evidence base before scrutiny arrived are the ones that sleep at night.

Choose your next move

Start with proof. Build the base. Stay defensible.

Find the gap

Framework-Ready Review

£950fixed price

  • ✓ Results in 5 working days
  • ✓ Maps every evidence gap
  • ✓ Board-ready summary
  • ✓ Refund if no meaningful gaps found
Start the Review
Most popular

Stay defensible

Axulu Titanium

From £2,500/month

  • ✓ Hardened Microsoft 365 baseline
  • ✓ Monthly evidence review
  • ✓ Quarterly readiness assessment
  • ✓ Live defensibility score
  • ✓ Senior human governance layer
Talk to Us

Get framework-ready

Framework-Ready Sprint

Customscope

  • ✓ 30-day intensive programme
  • ✓ Framework or insurer deadline-driven
  • ✓ Executive-ready outputs
  • ✓ Selected projects only
Discuss Project

The estate doesn't fix itself.

Start with a fixed-price review. Know exactly where the evidence gaps are in five working days. Refund if we find nothing meaningful.

Book a conversationOr try the free 12-minute check

Framework-Ready Review · £950 · 5 working days · Refund guarantee