ISQM 1 evaluation cycle ACTIVE lobal

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

PDPL fully enforceable — SAR 5M exposure

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

ISQM 1 evaluation cycle ACTIVE — global

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

Book a Demo
Book a Demo
Operated by Falconry Solutions

The platform operated by people who built it.

Some firms want the platform. Some firms want the platform and the people running it. Falconry-supplied SoQM cycles, DPO mandates, vCISO programmes, and inspection support — all running on falconry.one, with one accountable lead partner. Looking for support on engagements you deliver to clients? See Audit delivery support.

§01 / WHY MANAGED

Three reasons firms choose
operated over staffed-internally.

Audit firms are not technology firms. The talent market for Quality Partners, DPOs and CISOs is thin, and getting thinner. Some functions are easier to source as a service than to recruit, train, and retain.

№ 01 · CAPACITY

Functions that are hard to staff.

Recruiting an experienced DPO or virtual CISO with audit-firm context, in-region credentials, and bandwidth to cover 12 months a year is a one- to two-year exercise — sometimes longer. Falconry's panel of mandate-ready specialists is on a multi-year ramp.

№ 02 · CONTINUITY

Functions that can't lapse.

The SoQM cycle, the DPO function, the inspection-readiness programme — they don't pause for staff departures. A managed service provides continuity by default, with two-deep coverage, holiday cover and a partner backstop.

№ 03 · ACCOUNTABILITY

Functions where somebody must own it.

The named DPO. The mandated vCISO. The Quality Partner who signs off the SoQM. These are accountable roles. Falconry mandates are named, contracted, and registered with the relevant authority where required.

§02 / SERVICES

Four services.
Same operating model.

Each runs on the firm's falconry.one instance. Each is led by a named partner. Each has a quarterly review with the firm's Managing Partner. None is sub-contracted offshore.

Service № 01

Managed SoQM cycle

Falconry runs the firm's ISQM 1 SoQM evaluation cycle on falconry.one — from evidence collection and partner interviews through to deficiency identification, remediation tracking, and the final inspector-ready pack. Your Quality Partner signs off; Falconry does the legwork.

Lead

Quality-Partner-experienced lead

Cadence

Continuous · monthly partner review

What's included
  • Quarterly SoQM component refresh — all 8
  • Partner interview programme & evidence capture
  • Deficiency identification & root-cause coding
  • Remediation tracking with partner-level escalation
  • Annual inspector-ready evaluation pack
  • SOCPA / FRC / IRBA / ICPAK liaison support
FROM USD 6k / month
FIRM SIZE BAND
Service № 02

Outsourced DPO

A named, registered Falconry DPO running the firm's data protection programme on falconry.one. Records of processing, lawful-basis register, DPIA workflow, data-subject-rights queue, and breach notification — operated, not just licensed. Compatible with PDPL, UK GDPR, EU GDPR, POPIA.

Lead

Named & regulator-registered DPO

Cadence

Continuous · DSR queue daily

What's included
  • Records of processing & lawful basis maintenance
  • Data-subject-rights queue triage & response
  • DPIA workshop facilitation & sign-off
  • 72-hour breach notification readiness
  • Annual data protection report to partners
  • Regulator liaison & complaint response
FROM USD 4.5k / month
JURISDICTIONS BAND
Service № 03

Virtual CISO

A named virtual CISO mandate, with the cyber control attestation cycle on falconry.one, third-party risk programme, board-level cyber reporting cadence, and incident-response leadership when the firm needs it. Aligned to ISO 27001, NIST CSF, NCA ECC, NCSC CAF.

Lead

Named vCISO · CISM credentialled

Cadence

Continuous · monthly board cadence

What's included
  • Cyber control library + quarterly attestation
  • Third-party / vendor risk programme
  • Penetration test scoping & remediation oversight
  • Incident response leadership on activation
  • Monthly cyber dashboard to partners
  • Annual cyber strategy review with Managing Partner
FROM USD 7k / month
RISK PROFILE BAND
Service № 04

Inspection response

The phone call you make when an FRC, SOCPA, IRBA, ICPAK or AQR letter arrives. Falconry partners step in on day one, mobilise the evidence pack from falconry.one, and run the inspection liaison alongside your Quality Partner. Hourly under retainer; rapid-mobilisation guaranteed.

Lead

Engagement Partner-level

Activation

Within 48 hours of inspection notice

What's included
  • Day-one inspector-ready evidence pack
  • Walkthrough rehearsal with Quality Partner
  • On-site / remote presence during inspection
  • Post-inspection observation triage & response
  • Remediation programme management
  • RCA & SoQM cycle integration
USD 18k retainer · activation T&M
RAPID MOBILISATION
§03 / OPERATING MODEL

Same shape, every service.

Whatever managed service the firm chooses, the operating cadence is the same — a four-step quarterly rhythm that surfaces decisions to your Managing Partner without surfacing operational noise.

№ 01 · DAILY

Operations

The Falconry mandate-lead operates the function on the platform — DSR queue, control attestations, evidence capture, inspection prep — visible to your firm's Quality Partner in real time.

№ 02 · MONTHLY

Partner brief

One 30-minute call per month with the firm's Quality Partner (or DPO sponsor). Status, exceptions, decisions needed, evidence delta. Minutes auto-logged on the platform.

№ 03 · QUARTERLY

Managing Partner review

One quarterly review with the firm's Managing Partner. Higher-altitude: programme posture, regulatory horizon, talent decisions, commercial scope. Designed to be the only call required.

№ 04 · ANNUAL

Independent review

Once a year, an independent Falconry Engagement Partner — not the mandate lead — reviews the function against the original SLA, the platform evidence, and emerging regulatory expectations.

§04 / SLA

Service levels in the contract.

Not aspirations in a marketing deck. Each managed service has an SLA in the MSA. If we miss it, we credit. The numbers below are the standard floor — bespoke SLAs available for Networks tier.
Response · DSR / breach

< 4 hrs

Acknowledgement of any data-subject right or material breach indicator, business hours.

Mobilisation · inspection

< 48 hrs

Inspection response retainer activation from formal regulator notice.

SoQM evidence refresh

< 14 dys

Quarterly evidence refresh cycle from quarter-end across all 8 ISQM 1 components.

Cyber attestation cycle

< 30 dys

Quarterly cyber control attestation cycle close, from period-end through partner sign-off.

NEXT STEPS

The 45-minute conversation
that pays for itself.

A live walkthrough of an ISQM 1 SoQM evaluation on the platform — against your firm's existing manual and inspection history. You see exactly what the partner view looks like, what the evidence pack contains, and what the 8-week deployment would mean for your cycle.

Book an ISQM 1 walkthrough