Temoche ConsultingTemoche Consulting
ESEN
Let's talk

Independence and conflict-of-interest management

In security and compliance, a consultant's independence is no formality: it determines whether their judgment can be trusted when a control fails. A consultant with an undisclosed economic or competitive tie ends up protecting that relationship, not the client paying for the audit. That is why we screen every request before the first meeting, not after signing.

What we exclude, without exception

We decline any engagement where, at the time of review, any of the following circumstances exists:

Reference framework

The standard we apply derives from the guidelines of ISACA, EC-Council and the PCI SSC Code of Professional Responsibility. The standard comes from those bodies; the decision to decline is ours, and we own it in writing.

Log of declined engagements

Every time we turn down an engagement over an independence conflict, we log it: date, reason for declining and conflict category, without exposing any prospect data. That log remains auditable by any active client under NDA. It is how we demonstrate that independence is not a marketing claim but a practice backed by evidence.

Why we publish this

A specialist firm that handles regulated information from payment processors, fintechs and companies under the supervision of Peru's banking regulator (SBS) or the data protection authority (ANPDP) needs its independence to be verifiable, not assumed. Publishing the criteria in advance lets a buyer rule out the conversation in thirty seconds if they spot a conflict we would spot too. We would rather lose that meeting than lose our neutrality.

Unsure about a possible conflict before reaching out? Raise it directly in the first conversation. If there is overlap, we'll say so on that same call.