The System · 04

Four defined phases. Every engagement. No exceptions.

Each phase produces documented outputs that are reviewed and signed off by the client before the next phase begins. Scope, timeline, and handover terms are contractual not discovered during delivery.

The Delivery Process is the operating rhythm of every NexGenTek engagement. Assess, Design, Deliver, Transfer the same four phases, the same gates, the same acceptance criteria across cybersecurity, cloud, integration, data, and software.

Book Discovery Call See the Architecture
4
Phases
4
Sign-off Gates
12 wks
To First Production
100%
IP Transferred
ISO 27001:2022
Information Security
SOC 2 Type II
Trust Services Criteria
ISO 9001:2015
Quality Management
NIST CSF 2.0
Aligned
HIPAA · PCI · GDPR
Mapped Controls
Compliance evidence is generated continuously through every phase not assembled before the audit.
The System
Four parts. One operating architecture.
01 · Definition 02 · Layers 03 · Architecture 04 · Process
The Principle

Each phase closes under client sign-off before the next phase opens.

There is no phase that "starts in parallel." There are no open-ended workstreams. There is no defect carried into the next phase. Sign-off is the gate, and the gate is the entire mechanism that makes a four-phase process produce a working system in 12 weeks instead of an 18-month exploration.

Open-Ended Delivery
Discovery, design, and build run concurrently scope drifts in every direction
Acceptance criteria are defined retrospectively, after the build is complete
Defects are renamed "known issues" and carried into the next phase
Handover is informal "the team is still available if you need them"
Compliance evidence is reconstructed before the next audit
Gated, Documented, Signed-Off
Assess closes with sign-off before Design opens. Design closes before Deliver opens.
Acceptance criteria are written in the Design phase and approved before any build begins
No phase exits with known defects in scope. Carry-forward is zero.
Transfer is a phase, not a goodbye email with administrator training and verified independence
Compliance evidence accrues continuously and is handed over live
Phase gates are not a slowdown. They are why the first production output ships in 12 weeks instead of 12 months every constraint is resolved before it becomes a rebuild.
The Four Phases

Assess → Design → Deliver → Transfer.

Same four phases, every engagement regardless of module, scale, or delivery model. The phases scale up. The structure does not change.

01
Assess

Discovery & Risk Quantification

Structured assessment against the applicable framework. Findings classified by severity and quantified in business impact.

Produces
  • Landscape & dependency map
  • Risk register w/ business impact
  • Scope, SLAs, acceptance criteria
02
Design

Architecture & Acceptance Criteria

Architecture decisions documented and signed off before any build begins. Every decision maps to a risk and an acceptance criterion.

Produces
  • ADRs (client sign-off required)
  • Integration & data specifications
  • Rollback & continuity procedures
03
Deliver

Phased Execution & Validation

Each milestone validated against documented acceptance criteria before the next phase opens. No known defects carried into production.

Produces
  • Production-deployed system
  • UAT & reconciliation evidence
  • Compliance evidence pack
04
Transfer

Handover & Operational Independence

Full technical ownership transferred at close. Administrator training delivered. The client team operates independently from day one.

Produces
  • Full IP & credential transfer
  • Complete operational runbooks
  • Audit-ready evidence package
Phase 01 · Assess

Discovery & risk quantification written down, signed off, ready to design against.

Assess is not a sales discovery. It is a structured capture of the current state measured, quantified, and documented to a level of detail that the Design phase can move forward without further investigation.

Gate & Sign-Off
Assess closes when the engagement scope, SLAs, and acceptance criteria are signed off by the executive sponsor.

The gate is a single document the Engagement Charter that contains the landscape map, the risk register, the SLAs, and the acceptance criteria for the next phase. Until it is signed, Design does not start.

Inputs

Existing systems, security posture, compliance obligations, procurement constraints, and the business outcomes you actually need.

Activities

Structured interviews, system inventory, control gap analysis, risk quantification, and acceptance-criteria workshops with the executive sponsor.

Deliverables

Landscape map, dependency diagram, quantified risk register, engagement scope, SLAs, and the Engagement Charter signed by the executive sponsor.

Timeline & owners

1–2 weeks. Owned by a NexGenTek delivery architect with named client stakeholders for security, integration, and the business outcome.

Phase 02 · Design

Architecture decisions documented and signed off before any build begins.

Design is where the engagement gets its acceptance criteria, its rollback procedures, and its compliance footprint written into ADRs, approved, and version-controlled. No build begins on an unsigned ADR.

Inputs

From Assess

The signed Engagement Charter, the landscape map, the risk register, and the acceptance criteria.

Engagement Charter (signed)
Risk register (quantified)
Acceptance criteria (fixed)
Activities

Architecture & ADRs

Architecture options, trade-offs, and decisions documented as Architecture Decision Records each mapped to a risk and an acceptance criterion.

Options & trade-off analysis
ADRs with client sign-off
Integration contract specs
Deliverables

Specs & Rollback

Integration and data flow specifications, security control specifications, and the rollback/continuity procedures that apply during execution.

Integration & data specs
Security control specs
Rollback & continuity plan
Gate

Design Sign-Off

Design closes when every ADR has client sign-off and rollback procedures are signed off by the operating team that will inherit them.

All ADRs signed
Rollback procedures approved
Deliver phase scope confirmed
Phase 03 · Deliver

Phased execution & validation milestone by milestone, with sign-off at every gate.

Deliver is broken into milestones, each with its own acceptance criteria and its own sign-off. Parallel running is maintained throughout migrations. Compliance evidence is generated continuously not assembled at the end. No known defects carried into production.

Cadence & Reporting
Weekly delivery report. Monthly evidence pack. Milestone sign-off at every gate.

The Deliver phase has its own internal gates one per milestone. Each milestone produces a deliverable, an evidence pack, and a sign-off record before the next milestone opens. The client always knows what is committed for the next two weeks and what has been signed off.

Execution

Build, deploy, integrate, harden against the signed ADRs from Design. Parallel running maintained throughout cutovers and migrations.

Validation

UAT, migration reconciliation, security testing, and compliance evidence generation at every milestone, against the criteria signed in Design.

Deliverables

Production-deployed system or control. UAT evidence. Migration reconciliation report. Updated runbooks and compliance evidence pack.

Gate

Every milestone closes with client sign-off against the documented acceptance criteria. No phase exit with known defects. No carry-forward.

Phase 04 · Transfer

Handover and operational independence verified, contractual, complete.

Transfer is a phase, not a goodbye email. Full technical ownership moves to the client team. Administrator training is delivered. Independent operation is verified before the engagement closes. No re-engagement required to extend, modify, or audit the system afterwards.

Transferred

Source & IaC

All application source code, infrastructure-as-code, configurations, and secrets are transferred under the contract.

Repository ownership transferred
CI/CD pipeline access transferred
Secrets & credentials rotated to client
Documented

Runbooks & ADRs

Operational runbooks, ADRs, integration contracts, and on-call procedures are handed to the operating team.

Runbook catalog
ADR repository (read/write)
On-call & escalation procedures
Trained

Administrator Training

Hands-on administrator training delivered against the runbooks not as a slide deck, but as scenario-based exercises against the real system.

Scenario-based exercises
Live incident dry-runs
Training completion certified
Verified

Independent Operation

The client team operates the system unassisted for an agreed period before formal closure. Acceptance of independent operation is contractual.

Hand-back period operated by client
No NexGenTek intervention
Independence accepted in writing
The Gate Model

Each gate is a single artifact, a single signature, and a closed phase.

Every phase has one document that represents its conclusion. The document is signed by the named client stakeholder for that phase. The next phase does not open without that signature.

Gate 01 · Assess → Design
Engagement Charter
Scope & acceptance criteria
SLAs & service credit terms
Quantified risk register
Signed by executive sponsor
Gate 02 · Design → Deliver
Architecture Sign-Off
ADR set (all signed)
Integration & data specs
Rollback & continuity plan
Signed by architecture & operations
Gate 03/04 · Deliver → Transfer → Close
Acceptance & Handover Pack
UAT & reconciliation evidence
Source, IaC, secrets transferred
Independent operation accepted
Signed by executive & ops lead
Reporting Cadence

What gets reported, to whom, and how often.

Reporting is built into the process. The cadence is the same on every engagement weekly to the delivery sponsor, monthly to the security and audit functions, quarterly to the executive committee.

Weekly Delivery Report

Status of milestones, risks, blockers, and commitments for the next two weeks delivered to the executive sponsor on a fixed day, every week.

Milestone status & sign-off log
Risk & blocker register
Two-week forward plan

Monthly Evidence Pack

Compliance, security, and quality evidence collected during delivery packaged for CISO, internal audit, and procurement consumption.

Control health summary
Incident & response log
Audit-ready evidence index

Quarterly Executive Readout

Program-level performance against the Engagement Charter outcomes vs. baseline, SLA performance, service credit accrual, and forward outlook.

Outcomes vs. baseline
SLA & service credit position
Forward roadmap & commitments
Cadence is contractual. Reports are delivered on time, every time, on a fixed day not when there is something to say.
Procurement & Legal View

What procurement sees, phase by phase.

Each phase produces artifacts that procurement, legal, and risk teams actually use not internal status decks. The procurement view of the process is documented before the engagement is signed.

Pre-engagement
Compliance package within 24 hours of NDA ISO certs, SOC 2 report, DPA, SIG Lite, MSA
Phase 01 · Assess
Engagement Charter with scope, SLAs, service credit terms, and quantified acceptance criteria
Phase 02 · Design
Signed ADRs, integration contracts, rollback procedures versionable, auditable, contract-grade
Phase 03 · Deliver
Weekly delivery reports, monthly evidence packs, milestone sign-offs against the Charter
Phase 04 · Transfer
Handover Pack full IP transfer, runbooks, training completion, independent operation accepted

Engagement Documents

The contract-grade artifacts your procurement and legal teams will actually need. All available for review before commercial commitment.

  • Master Services Agreement (MSA)
  • Engagement Charter template
  • SLA & service credit schedule
  • Data Processing Agreement
  • IP transfer & exit provisions
  • Compliance evidence index
Available for review before any commercial commitment.
Process-Level Outcomes

What the four-phase model actually produces.

These are the consistent process-level results when engagements run through the four-phase model end-to-end. Measured at 60 and 90 days post-handover, against the baseline from Phase 01.

12 wks
First Production Output
First deliverable in production within 12 weeks of engagement start.
0
Defects Carried Forward
No phase exits with known defects in scope. Carry-forward target is zero.
100%
IP Transferred
All source, IaC, configurations, credentials, and runbooks transferred at close.
<5d
Audit Prep Time
Continuous evidence reduces audit preparation from weeks to under 5 business days.
Continue Through The System

The Process is how it runs. Definition, Layers, and Architecture are why it works.

The System · 01

System Definition

What the NexGenTek Delivery System is, what it replaces, what it creates, and why it exists.

DefinitionView page →
The System · 02

Architectural Layers

The four layers Security, Infrastructure, Integration, Delivery and how they stack, constrain, and connect.

4 LayersView page →
The System · 03

Delivery Architecture

The input → engine → output flow. What goes in, what the system does, and what the client owns at the end.

Input → OutputView page →

Four phases.
Twelve weeks to production.

A 30-minute discovery call with a NexGenTek delivery architect. We'll walk through the four phases against your specific engagement Assess, Design, Deliver, Transfer and show you what each gate would look like.

Book Discovery Call Back to System Definition
ISO 27001:2022 SOC 2 Type II ISO 9001:2015 Independently audited
DMCA.com Protection Status Badge