Hey there,
The meeting with Hanos had already finished by the time the most interesting thought arrived. I was walking the dog, probably half an hour later, turning over what I'd just heard, when it surfaced quietly: if I had known about the tool they were using when I started the ISO 27001 work at Qwello, I might never have felt the need to start Askara at all.
That thought sat with me for a while.
What You Hear When You're Not Selling
The visit came about through one of those connections that only exist in a small team. The IT manager at Hanos is the father of a teammate's girlfriend, which meant the meeting carried none of the usual tension of a sales conversation. We were there to understand, not to impress. That context matters, because what he described was something most compliance conversations never reach: the honest interior of a system that genuinely works.
Hanos runs a mid-sized food distribution operation where continuity isn't a preference but a contractual obligation, which means their compliance programme isn't an afterthought. They've invested in it properly. They have people whose job it is to maintain it. They take it seriously.
What he described was a system held in place by carefully distributed human effort. A business analyst appointed as deputy CISO. An infrastructure specialist alongside her. Bi-weekly meetings dedicated to keeping everything current. A standing rule that anything older than three months gets reviewed without exception.
I was listening to all of this, thinking: this is what a well-run compliance operation actually looks like from the inside. Not chaos, not neglect. Carefully distributed responsibility, held in place by recurring calendar entries and the diligence of specific people. The system is only as current as the last time someone had time to look.
That's what kept coming back on the dog walk. Not that anything they'd built was wrong. But that all of it was load-bearing. Remove any one piece and the structure loses integrity. Which means the people carrying it can never really put it down. The dependency isn't incidental to how the tool works. It's structural.
The Name for the Thing
During the Financial Hour later that week, we were mapping the competitive landscape and the name of the platform they'd been running on came up: IRM360. Looking at how it's structured, something clicked. They've built their commercial model around unbundling compliance by module, pricing by consumption, letting organisations adopt one piece at a time before committing to the whole. Which maps almost exactly onto what I argued in "One Compliance Tool at a Time."
An established player, bootstrap-funded, had found their way to the same strategic shape independently. That's a signal worth sitting with. It suggests the logic is sound.
But what the Hanos conversation made visible is where that logic reaches its limit. The platform unbundles the framework. The human scaffolding it generates stays entirely intact, living in people's diaries and bi-weekly meetings and the institutional memory of a deputy CISO who knows which controls were last reviewed and which ones are quietly overdue. What Askara is building tries to reach further back: the continuous reasoning that currently has no home except the people willing to carry it.
Thank God We Didn't Know
I keep returning to the thought from the dog walk, and the further I follow it, the more it connects to something larger than just this week.
When I was brought in to complete the ISO 27001 certification at Qwello, the platform choice had already been made before I arrived. It was a daunting SharePoint environment, hard to grasp, user-unfriendly in ways that created a deep dependence on consultants to keep it alive. Navigating that gave me the starting point to rebuild it properly in Airtable, which became the foundation everything else grew from. The difficult environment wasn't an obstacle to Askara. It was the condition for it.
And now here's IRM360: a more considered tool, a smarter commercial model, a system that a well-resourced organisation like Hanos has built a genuine operation around. If I had encountered it at the start of the Qwello engagement, I might have concluded the problem was addressed and looked elsewhere. Instead I experienced the gap directly, without knowing what the incumbent looked like, and that experience became the foundation for something built to go further.
There's a pattern in this that I find genuinely surprising in retrospect. The most generative moments in Askara's history have come from not having the easy answer available. No existing platform to default to at Qwello, so something better got built. No sales agenda at Hanos, so something honest got heard. Not knowing IRM360 existed, so the gap got felt rather than read about.
Constraints and ignorance keep turning out to be the conditions for seeing clearly. There's a version of market research that closes possibilities before you've had a chance to feel what's actually missing. And there's another version that looks like walking a dog after a meeting, with nothing to sell and nowhere to be, letting the morning settle into something worth writing down.
With care,
Ben



