Reducing uncertainty through intelligence led investigation, structured methodology and defensible insight. Specialist Investigative Support operates where investigation, intelligence and protective risk converge, assisting clients understand what is happening, why it matters, and how it should inform decision making. We assist organisations operating in high consequence environments where uncertainty and risk intersect, and where decisions are determined on the basis of reliable, defensible information. SIS applies structured investigative methodology, intelligence-led assessment and evidential discipline to reduce that exposure. Every engagement is built around clarity, proportionality, necessity and the ability to withstand scrutiny. Highly informed decision making depends on reliable intelligence. In complex legal, corporate and operational environments incomplete, unlawful and unreliable information increases exposure to reputational, legal and financial harm. We support clients across litigation, corporate disputes, crisis response, workplace investigations and protective intelligence operations. We are not defined by a single service line, we are defined by function, reducing uncertainty in high consequence environments through intelligence led investigations, evidence gathering and protective risk support. SIS brings together experience drawn from government intelligence, investigative and operational backgrounds. This experience is adapted for commercial sector benefit providing a disciplined approach to intelligence collection and evidential integrity, risk reduction, governance and compliance, ensuring outputs are defensible, comprehensive and evidentially robust. The result is a governance led approach that assists clients obtain reliable information, reduce uncertainty and make informed decisions in complex, sensitive and high consequence environments.

Information is only valuable when it can be relied upon. That reliance can become problematic when the information is unverified, unaccountable, incomplete or obtained in a manner that will not withstand scrutiny. Professional risk management is not simply the identification of threats. It is the structured process of obtaining, assessing and applying reliable intelligence/evidence to support informed decisions, reduce uncertantity and manage consequence within a defined framework requiring, Auditability. Proportionality. Necessity. Legality. Evidential integrity. Privacy implications. Our investigation support, intelligence collection, protective intelligence and advisory services are rarely isolated disciplines. They are the risk management tools assisting organisations understand emerging risk, evaluate exposure and provide the information required to make highly informed, defensible decisions in complex, sensitive and high risk environments. Whether supporting crisis response, litigation, corporate and workplace matters, reputational concerns or protective intelligence operations our objective is consistent. Reduce uncertainty, Improve understanding, Support defensible outcomes. Risks within organisations often exist before an incident occurs. Recognising developing risk early allows organisations to assess and consider options before consequences escalate. Intelligence led risk reduction. Our experience in providing organisations with intelligence is rarely about producing volumes of information. Effective intelligence specifically focuses on obtaining information that is relevant, reliable and contextually valuable, directly supporting decision making. This approach allows organisations to: Identify existing and emerging threats, Assess the credibility and reliability of information held, Recognise patterns and indicators, Understand networks, behaviours and individuals, Prioritise resources according to risk, Support strategic and operational decision making. This process moves organisations away from assumption and speculation towards evidence based assessment. High consequence environments and risk management. Our work combines investigation, intelligence collection, covert operational support and advisory within a governance led framework designed to reduce uncertanity and improve decision making, assisting organisations understand risk, support defensible decisions and contribute to safer outcomes. Our operations supporting crisis management companies often carry hightened legal, financial, reputational and operational risk. These operations often require organisations to make critical decisions in time pressured environments where initial information is unverified, circumstances continually evolve against a backdrop of competing priorities. We cannot eliminate all risk. Professional risk management coupled with highly experienced capabilities and speficic relevant methodologies ensure risk is reduced, decisions are based in fact and objectives are met. Professional risk management is ultimately about confidence: confidence that the information is reliable, confidence that the methodology is proportionate and defensible, and confidence that decisions made on the basis of that information can withstand scrutiny.

Obtaining information supporting organisational requirements. The value of information is determined not only by what has been obtained, but how and why it has been obtained. Intelligence and evidence gathered without appropriate governance can build risk in, creating legal, regulatory, evidential and reputational risks. Risks that remain beyond initial collection and exceed the value of the information itself. Organisations operating in complex, sensitive or regulatory environments routinely consider how information is obtained. The challenge is ensuring information is acquired, collected, assessed, documented, retained, disclosed and utilised in a manner that is auditable, lawful, necessary, proportionate and capable of withstanding scrutiny. Effective governance is often the silent process that protects organisations, supports defensible decision making and contributes to reducing risk within investigations rather than creating another layer of additional unnecessary exposure. Compliance. In practice, effective governance and oversight is broader in context than regulatory compliance alone. Compliance requires transparent accountability and careful documented consideration of proportionate investigative techniques and strategies. This is not limited to litigation. Professional service providers, HR departments, insurers, crisis management consultancies and legal teams all require information that has been obtained lawfully and in a manner supporting decision making and cross examination. Compliance in practice. External investigation support is often relied upon by organisations requiring specialist services during sensitive, time critical or high pressure situations. Where compliance is not directly overseen internally, this can require legal departments, compliance and risk teams retrospectively reviewing material tasked with interpreting and aligning material post investigation. Compliance is not a stand alone consideration to be explored post investigation. It forms the investigative strategy, planning, briefing, conduct and reporting mechanisms throughout the investigation lifecycle. Evidential requirements, legal obligations, regulatory expectations and privacy considerations are considered throughout the investigative process ensuring the material obtained is managed and presented appropriately. Additionally, intelligence and protective intelligence operations can (and often do) migrate into evidential material supporting civil proceedings, private / surveillance led criminal prosecutions, employment tribunal hearings and regulatory actions. The requirement for governance, compliance and evidential integrity can form long before formal proceedings are anticipated or contemplated. Professionally delivered, compliance is a seamless component within operations that provides assurance, quietly safeguarding evidential integrity, protecting client interests and preserving the value of information for whatever purpose it may ultimately serve.

Professional advisors are frequently required to make recommendations, manage risk, assess evidence, or support legal proceedings on behalf of clients. The quality, reliability and admissibility of relied upon information can directly influence legal, commercial and reputational outcomes. We support law firms, insurers, accountantancy and insolvency practitioners, corporate advisors and other professional service organisations through full chain of custody evidential collection and intelligence led investigation designed to withstand scrutiny and cross examination. Our approach is shaped by extensive experience supporting legal professionals in matters where investigative findings, covert methodologies and intelligence assessment are subject to scrutiny, disclosure obligations and cross examination within formal proceedings. Our role is to provide defensible information while maintaining clear oversight of investigative strategies and objectives, proportionate and necessary methodologies, risk and cost throughout engagement. Intelligence led investigations. SIS intelligence collection and investigation activities are guided by clearly defined objectives, proportionate methodology, and continual intelligence / risk assessment specific to that investigation. We establish measurable objectives and expected outcomes within the investigation strategy, allowing progress to be clearly assessed against requirements, ensuring resources are focused on meeting objectives, remain aligned to the matters that present genuine evidential, legal or commercial value and relevant in supporting client decision making processes This approach supports effective cost oversight. Continual assessment of activity against agreed objectives and investigation strategies can be reviewed and adjusted, refined or concluded, assisting clients maintain visibility of expenditure. Understanding risk beyond operations. Risk within an investigation extends beyond operational considerations. Issues such as surveillance compromise or operational exposure can frustrate an investigation but professional advisers and their clients often face a much broader range of risks. Investigative activity can create legal, regulatory, financial, reputational, evidential and ethical considerations that require ongoing assessment throughout an engagement. Information that cannot be relied upon, evidence that cannot withstand scrutiny, or activity that creates unnecessary regulatory or reputational exposure may ultimately undermine the objectives it was intended to support. Effective risk management therefore requires consideration not only of how information is obtained, but how it may be interpreted, challenged, disclosed, relied upon and defended at a later stage. Evidential Integrity and Chain of Custody Information is only valuable if its provenance can be understood and defended. Where evidence may be relied upon in legal proceedings, regulatory matters, disciplinary processes or commercial disputes, careful attention must be paid to collection methodology, continuity, preservation and documentation. This may include: Maintaining clear audit trails. Accurate contemporaneous records. Secure exhibit handling and storage. Evidential continuity. Statement preparation where appropriate. Surveillance records and supporting documentation. Preservation of digital and physical material. The objective is not simply to obtain evidence, but to ensure confidence in its reliability and provenance. Beyond Evidence Collection Obtaining information or evidence is rarely the end of the process. Investigative material may ultimately be relied upon within legal proceedings, regulatory enquiries, disciplinary processes, insurance disputes, employment matters or wider commercial decision-making. The manner in which information is documented, preserved, disclosed and presented is as important as the method by which it was obtained. Consideration should be given to how evidence may be assessed, challenged or scrutinised by legal representatives, courts, tribunals, regulators, insurers or opposing parties. Questions relating to provenance, continuity, reliability, methodology and disclosure obligations may arise long after the original investigative activity has concluded. This is particularly relevant where surveillance evidence forms a significant component of a case. Surveillance methodology, operational decision-making, contemporaneous records, continuity of evidence and compliance considerations may all attract scrutiny where the evidence is relied upon to support legal, disciplinary or regulatory outcomes. For this reason, investigative planning should consider not only the immediate objective of obtaining information, but also the potential requirements that may follow. Understanding how information may ultimately be used helps ensure that investigative activity, documentation, reporting and evidence handling remain aligned to the client’s longer-term objectives. The objective is not simply to obtain evidence, but to provide confidence in its reliability, provenance and ability to withstand cross examination and scrutiny. Managing Sensitive Information Many investigations involve sensitive personal, commercial or legally privileged information. Professional handling extends beyond the acquisition of information and includes the secure receipt, storage, assessment, dissemination and retention of material throughout an engagement. Particular care may be required where investigations involve confidential corporate information, personal data, vulnerable individuals / safeguarding concerns, reputational risk, legally privileged material or information with potential disclosure implications. Information security, confidentiality and appropriate access controls form an important part of maintaining trust and protecting client interests. Compliance and Governance Effective governance informs investigative decision-making from the outset and helps ensure that information is collected, assessed and reported in a lawful, proportionate and defensible manner. Depending upon the circumstances of an engagement, this may include consideration of: RIPA. CPIA. Data Protection legislation and UK GDPR. ICO guidance. Privacy considerations. Disclosure obligations. Proportionality and necessity assessments. Management of collateral intrusion. Handling of sensitive information. Compliance is most effective when integrated into operational planning rather than retrospectively applied. Working Alongside Professional Advisers We frequently works alongside legal teams, insurers, insolvency practitioners, forensic accountants, corporate advisers, HR professionals and other specialists. Assignments may involve direct engagement with the end client or operate discreetly as part of a wider advisory team. Our objective is to provide accurate, defensible information that supports professional judgement and client decision-making. Professional Standards The SIS approach has been shaped by extensive experience working alongside legal professionals in matters where investigative findings, surveillance evidence and intelligence assessments may ultimately be subject to scrutiny, disclosure obligations or formal proceedings. This experience influences the standards, methodology, reporting structures and governance framework applied throughout our engagements. We maintain awareness of relevant legislation, regulatory expectations and recognised investigative standards, including professional affiliation to the Institute of Corporate Investigators. Conclusion Whether supporting civil litigation, criminal proceedings, private prosecutions, employment matters, regulatory investigations, insurance disputes or wider professional advisory engagements, the objective remains the same. To provide accurate, defensible information that supports informed decision-making and is capable of withstanding appropriate scrutiny.

Workplace investigations often involve competing legal, operational and ethical considerations whilst balancing their duty to protect business interests with obligations relating to privacy, fairness, data protection, employment law and employee welfare. Effective workplace investigations therefore require more than information gathering alone. They require proportionate decision-making, evidential discipline and careful management of risk throughout the investigative process. Understanding Workplace Risk Workplace risk can arise from a wide range of circumstances. These may include: Fraud and financial misconduct. Theft of company property. Misappropriation of intellectual property. Unauthorised disclosure of confidential information. Client or customer list theft. Conflicts of interest. Undisclosed secondary employment. Breach of restrictive covenants. Sickness absence abuse. Regulatory breaches. Harassment and misconduct allegations. Reputational concerns. Insider threats. The purpose of an investigation is not to confirm a predetermined conclusion but to establish facts capable of supporting informed decision-making. Intelligence-Led Workplace Investigations Every workplace investigation should begin with a clear understanding of the matter being investigated and the decisions that may ultimately depend upon the findings. Clearly defined objectives, proportionate methodology and measurable outcomes help ensure investigative activity remains focused, accountable and aligned to the employer’s legitimate interests. This approach supports effective oversight of investigative activity, expenditure and risk while helping avoid unnecessary intrusion into employee privacy. Balancing Competing Obligations Employers often face competing responsibilities when investigating workplace concerns. They may need to protect commercial interests, fulfil regulatory obligations, investigate allegations and maintain organisational integrity while simultaneously respecting employee rights, privacy expectations and legal protections. Investigations should therefore be conducted with careful consideration of necessity, proportionality and fairness. The objective is not simply to obtain information but to do so in a manner capable of withstanding scrutiny and supporting defensible decision-making. Confidential Information and Intellectual Property Many organisations derive significant value from confidential information, intellectual property, research and development activity, proprietary processes, customer relationships and commercially sensitive data. Investigations may involve allegations concerning: Intellectual property theft. Unauthorised disclosure of confidential information. Removal of customer or client data. Transfer of commercially sensitive material. Competitive intelligence concerns. Misuse of company systems. Breaches of confidentiality obligations. Where such concerns arise, investigative activity should seek to establish facts while maintaining appropriate evidential integrity and information security. Whistleblowing and Confidential Disclosures Not all concerns raised within an organisation represent misconduct. Employees may raise genuine concerns regarding wrongdoing, regulatory breaches, safety issues, unethical conduct or matters affecting the public interest. Investigations involving whistleblowers or confidential disclosures require particular care. Employers may have obligations relating to confidentiality, protection from detriment and fair treatment while simultaneously ensuring that concerns are appropriately recorded, assessed and investigated. The existence of a complaint should not automatically determine investigative conclusions. Equally, the existence of an investigation should not undermine legal protections afforded to those making protected disclosures. Careful assessment of facts, evidence and context remains essential. Trade Unions, Protected Characteristics and Sensitive Matters Certain workplace investigations involve additional legal and regulatory considerations. Matters involving trade union activity, protected characteristics, discrimination allegations, equality concerns, workplace grievances or vulnerable individuals may attract heightened scrutiny. Investigative activity should be capable of demonstrating fairness, proportionality and objective decision-making while avoiding assumptions based upon personal characteristics, protected status or lawful workplace activity. Maintaining independence, transparency of process and evidential discipline is particularly important in such circumstances. Surveillance Within Workplace Investigations Surveillance is often considered as part of wider workplace investigations. Surveillance should rarely be viewed as a starting point and is generally most effective when informed by prior intelligence, clearly defined objectives, collateral intrusion, necessity and proportionality. Employers considering surveillance activity should be mindful of privacy considerations, data protection obligations, necessity and proportionality requirements, together with current relevant guidance issued by the Information Commissioner’s Office. Surveillance is most effective when deployed as one element of a broader investigative strategy rather than as a substitute for investigation. Duty of Care and Employee Welfare Employers owe duties not only to their organisation but also to their workforce. Investigative activity should be conducted with appropriate regard to employee welfare, confidentiality, fairness and the potential impact of investigative processes upon those involved. This is particularly relevant where allegations remain unproven, where vulnerabilities exist, or where investigative activity may affect employment, reputation or wellbeing. Professional investigations seek to balance organisational interests with appropriate consideration for the individuals involved. Evidential Integrity and Decision-Making Workplace investigations frequently inform significant decisions. Findings may ultimately be relied upon within disciplinary proceedings, grievance processes, employment tribunals, civil litigation, regulatory enquiries or criminal investigations. This places particular importance upon: Accurate documentation. Evidential continuity. Audit trails. Statement taking. Information security. Record keeping. Reporting methodology. Compliance and governance. The objective is not simply to gather information but to ensure confidence in its reliability, provenance and ability to withstand scrutiny. Compliance and Governance Compliance should be embedded throughout the investigative process rather than considered after information has been obtained. Depending upon the circumstances, this may include consideration of: Employment law obligations. Data protection legislation and UK GDPR. ICO guidance. Privacy considerations. Disclosure obligations. Proportionality and necessity. Confidentiality requirements. Protected disclosures. Equality considerations. Management of sensitive information. Governance helps ensure investigative activity remains lawful, proportionate and aligned to the employer’s legitimate objectives. Conclusion Workplace investigations are rarely straightforward. They often involve competing interests, legal obligations, commercial considerations and human factors that require careful management. By combining intelligence-led methodology, evidential discipline, proportionate investigation and effective governance, organisations can better understand risk, establish facts and make informed decisions capable of withstanding scrutiny.

Protective Surveillance and Protective Intelligence Protective surveillance is a specialist risk mitigation capability focused on identifying, assessing and responding to hostile attention directed towards individuals, organisations and physical environments. It operates where risk is not always visible, and where traditional security measures alone may not identify developing patterns of threat or targeting behaviour. The objective is not surveillance in isolation. It is early recognition of behavioural indicators, environmental anomalies situational risks and hostile technical surveillance activity that may precede harm. Modern Targeting Environment Protective risk environments are increasingly characterised by indirect and behavioural forms of targeting, where legitimate interaction, routine presence and professional engagement may be used to gather information, assess access, or identify vulnerability over time. This includes activity that does not present as overt hostility, but relies on observation, relationship building and environmental familiarity to develop situational understanding. As a result, risk identification depends less on isolated incidents and more on recognising patterns of behaviour within context. Risk Detection in Live Environments Protective surveillance provides discreet oversight in environments where individuals, families, staff or locations may be subject to: Targeted or opportunistic surveillance Stalking or persistent unwanted attention Hostile reconnaissance activity Criminal pre-operational behaviour Indicators of intrusive or preparatory monitoring Attempts to map routines, access or vulnerabilities Risk in these environments is rarely static. It develops through repetition, observation, proximity testing and behavioural patterning. The value of protective surveillance lies in identifying what is not immediately apparent through fixed or static security measures. Behavioural Indicators and Hostile Activity Recognition A core component of this capability is the identification of behavioural indicators associated with hostile reconnaissance and preparatory activity. This includes behaviour consistent with attempts to: Observe movement, routines or timing patterns Identify access points or weaknesses in security coverage Test awareness, response or intervention thresholds Establish environmental familiarity over time Much of this activity is indistinguishable from legitimate presence when viewed in isolation. Assessment therefore relies on pattern recognition, contextual analysis and behavioural comparison over time. Counter-Surveillance and Environmental Validation Within protective surveillance operations, counter-surveillance capability focuses on identifying whether individuals or activity may indicate covert observation or intelligence-gathering behaviour. The emphasis is not on assumption, but on structured assessment of: Behavioural consistency across time and location Environmental anomalies or repeated presence indicators Patterns consistent with reconnaissance or monitoring activity Situational indicators of observation or tracking behaviour Technical surveillance opportunities This allows for differentiation between benign activity and behaviour that may represent structured surveillance or preparatory targeting. Red Team and Protective Environment Assessment Protective intelligence is strengthened through adversarial testing of existing security and awareness measures. Our Red Team capability evaluates: Detection effectiveness in live environments Response to suspicious or ambiguous behaviour Security awareness within operational settings Vulnerability to covert observation or intrusion attempts This provides organisations with a realistic assessment of how protective measures perform under conditions of ambiguity, uncertainty and pressure. Physical Security and Vulnerability Testing Where appropriate, controlled testing of physical environments is conducted to assess resilience against both opportunistic and targeted intrusion attempts. This may include: Assessment of access control effectiveness Identification of structural or procedural vulnerabilities Review of internal and external exposure points Evaluation of assumptions within existing security posture The purpose is not only to identify weaknesses, but to understand how they may be exploited and how exposure can be reduced through proportionate mitigation. Technical Surveillance Counter Measures. Protective risk extends beyond the observation of individuals and environments. It also includes the protection of sensitive information, communications and decision-making processes from unauthorised collection. As organisations increasingly operate within environments where information may be targeted through both technical and human collection methods, TSCM provides an additional layer of assurance within a broader protective intelligence strategy. Technical Surveillance Counter-Measures (TSCM) are specialist examinations designed to identify, assess and mitigate risks associated with covert technical surveillance, unauthorised monitoring devices and other forms of illicit information gathering. Organisations may require assurance where concerns exist regarding information compromise, sensitive commercial activity, workplace disputes, litigation, intellectual property, reputational risk or targeted intelligence collection. TSCM examinations form part of a wider protective intelligence framework, providing assurance that environments used for sensitive discussions, strategic decision making and confidential activity remain secure and free from unauthorised technical intrusion. The objective is not simply the detection of devices. It is the identification and mitigation of vulnerabilities that could allow information, communications or operational activity to be monitored, collected or exploited by hostile actors. Integrated Protective Intelligence Approach Protective surveillance is most effective when integrated within a wider intelligence-led risk framework. This includes: Behavioural assessment in live environments Counter-surveillance detection and validation TSCM / technical surveillance deployment Red Team adversarial testing Structured reporting and escalation pathways Feedback into operational and physical security controls This integration ensures protective activity is not reactive or isolated, but contributes directly to reducing uncertainty and improving situational awareness. Targeting is increasingly indirect, behavioural, remote and embedded in legitimate interaction.