The initial phase of enterprise software deals usually includes a questionnaire in which the buyer asks the vendor doing the selling about its cybersecurity program. One of the first questions on the list is whether the vendor complies with SOC 2. That’s a collection of cybersecurity best practices widely supported by tech firms. SOC 2 is also finding increasing use among other businesses, including certain consultancies. Boardroom Insight recently caught up with the CEO and CMO of one such consultancy, executive compensation specialist Pearl Meyer, to learn why it decided to make cybersecurity a bigger focus. Plus, business updates from Alexander Group, Nomios Group, AppDirect, Optimatum Solutions and Havas’ Gate One.

Pearl Meyer achieves SOC 2 Type 2 compliance. The framework, which was developed by the American Institute of Certified Public Accountants, contains a long list of cybersecurity best practices for companies. The guidelines cover steps such as scanning a firm’s internal systems for vulnerabilities and training employees on avoiding online risks. There are also items that aren’t mandatory but come strongly recommended, such as multi-factor authentication.

Pearl Meyer CMO Jake George told Boardroom Insight that quite a bit of work went into the firm’s certification. “Achieving SOC 2 Type 2 compliance reflects the culmination of a multi-year investment,” George said. “While many firms discuss data protection in principle, few have subjected their controls to the depth and duration of independent testing required by a Type 2 examination. Within Pearl Meyer’s consulting segment, this level of verified rigor remains uncommon.”

After a company implements SOC 2 Type 2 controls, it must undergo an audit to verify that it indeed ticks all the boxes. That audit then has to be renewed annually. Depending on the size of a company, such renewals can cost more than $100,000.

“The return on this investment is measured in trust capital – our clients’ confidence that their information is secure,” Pearl Meyer CEO Beth Florin told us.

Optimatum Solutions appoints Meghan Jutca as managing director. The New York-based consultancy helps companies improve the performance of their HR programs. That involves tasks such as modernizing the HR team’s workforce management software and identifying unnecessary costs.

Jutca will help lead the delivery of Optimatum’s M&A services, which assist firms with the integration of newly acquired subsidiaries’ HR teams. Before a buyout agreement is signed, Optimatum can identify potential risks in the HR systems of the company being acquired. Post-deal, the consultancy can work on value creation initiatives. That includes automation software rollouts. 

“Our team helps clients navigate this automation journey from process design to technology stack assessment and system implementation through change management and adoption, freeing HR to focus on what truly drives growth: talent, culture, and the employee experience,” Jutca explained.

Automating workforce management processes has become easier in certain respects thanks to the AI features that HR software vendors have rolled out to their platforms over the past two years. “Leading HCM vendors are doubling down on AI, machine learning, and knowledge management investments,” Jutca said. She pointed out that large HR software vendors are building out their AI feature sets partly through acquisitions, which is leading to market consolidation. That consolidation could create more demand for technical consulting services designed to help firms navigate the HR software landscape. 

AppDirect becomes an AWS Advanced Tier Services Partner. The San Francisco-based company provides an e-commerce marketplace builder geared towards, among other verticals, the consulting industry. An IT advisory firm can use AppDirect to build an online storefront that allows clients to purchase its services on-demand. The platform provides interface customization options, billing features and the ability to bundle a consultancy’s services with third-party cloud services.

AppDirect’s new AWS partner designation will make it easier for consultancies to sell AWS solutions through its e-commerce platform. “This capability is now available on our platform so that it’s seamless to our advisor community and the customer,” stated Rick Duran, AppDirect’s vice president specialized services.

AppDirect also expects its new partner status to provide other benefits. Most notably, the credential will enable the company to work more closely with AWS on joint sales initiatives. AppDirect recently disclosed that it’s on track to reach gross annual sales of $1 billion in the next 18 to 24 months. 

Alexander Group appoints a new executive to the helm of its marketing practice. Kevan Savage is taking up the post three years after joining the revenue growth consultancy from Campout Creative, a marketing agency he co-founded in 2019. The business unit he now leads helps organizations make their marketing efforts more effective. In some cases, Alexander Group’s staffers go about the task by modernizing a company’s advertising software. According to Savage, the firm also assists clients with a long list of other marketing tasks. 

“We conduct customer research to identify strategic markets and buying groups, develop tailored messages that benefit customers, and prioritize high-potential customer segments for new and expansion revenue,” Savage detailed. “We determine essential marketing activities and channels, evaluate the necessary data, tools, and processes, and optimize marketing resources to enter new markets, compete effectively, or launch new products.”

Alexander Group’s marketing practice operates alongside teams that help clients improve other aspects of their go-to-market operations. In the IT industry, for example, the firm works with software vendors to find resellers that can expand their market reach. A consumer goods supplier, meanwhile, could hire Alexander Group to develop a new product pricing strategy.

Nomios Group acquires Intragen. Both firms provide cybersecurity services to organizations in Europe, but Intragen has a narrower market focus. The UK-based consultancy helps clients with identity management, which is the process of managing how users access a company’s IT systems. A financial institution, for example, can hire Intragen to set up its banking app’s log-in menu. Intragen can also develop employee-facing identity management workflows such as single sign-on.

For Nomios, the acquisition has an AI angle. Companies are deploying AI agents that interact with their internal systems either fully autonomously or under human supervision. Before they can access a system, AI agents need to go through a login-in process similarly to human users. The acquisition of Intragen will strengthen Nomios’ capabilities in that area.

“As artificial intelligence increasingly shapes digital ecosystems and the management of both human and AI agent identities becomes essential, this move positions Nomios to address emerging security challenges with greater depth and reach,” said Jean-Christophe Cini, partner at Keensight Capital, an investment firm that bought a majority stake in Nomios about two years ago and supported the Intragen acquisition. “The transaction reflects a strategic alignment with the growing importance of identity as a foundation for cybersecurity.”

Intragen is the second British cybersecurity services firm that the company has acquired in the past year. Nomios, which is headquartered in France, disclosed on occasion of the deal that the UK, Italy and the Netherlands now account for more than 60% of its EBITDA. The “acquisition of Intragen represents a significant step in its geographic expansion across Europe,” Cini said.

A Boardroom Insight exclusive: We recently caught up with Kate Martin, the CMO of Havas’ Gate One management consulting business. Havas is a French ad agency that generated more than €2.7 billion in net revenue during its most recent fiscal year. Gate One, which is based in the UK, recently opened two new international offices to expand its market reach. Martin briefed Boardroom Insight on the business rationale behind the move earlier this week.