Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
8 February 2024

20 Years of Turnkey: From the kitchen table to a global company

The start of 2024 marks 20 years of Turnkey being in business – a milestone it goes without saying that I’m incredibly proud of.

It’s also a chance to reflect on how far we’ve come during those two decades, as well as highlight some of our fundamental principles that have stayed the same.


The early years

Like many companies, our beginnings were modest. Working from my kitchen table in north London, initially on my own and then with two other founding partners, we delivered projects for clients and continued to develop our offering, all the while making cold calls to grow the business. This was pre-pandemic and long before ‘WFH’ was a thing; broadband was patchy and wifi a pipedream. (We eventually rented an office in Fleet Street to help entice our first official employee - a successful strategy as it turned out - they are still with us today.)

The tendency then – as is often still the case today – was to implement measures for IT security (it wasn’t called cyber in those days!) as an ‘add on’ towards the end of a project. But I had previously been part of the PwC consulting team that evolved an approach to make the function an integral part from day one. I wanted to put this into practice with my own company, offering clients running SAP a new way of thinking about IT security as an end-to-end solution that, in making their organisations safer, would ultimately help them achieve their business goals.

And so Turnkey Consulting was born.

We started small, but our ambitions were always big, and we continually looked for ways to expand our footprint – often with scant regard for convention. Attending an SAP Insider conference in the early days for example, when we couldn’t yet justify the expense of an exhibition stand, we distributed Turnkey flyers to all corners of the event space; and in the days before most people had personal portable devices, we also took advantage of the bank of laptops made available to attendees by the organisers, setting every screensaver to Turnkey’s homepage…


Global growth

Three years after kicking off in the UK, we started our global expansion; I leaned on my PwC network to find the right people to open an office in Australia, with an entity in Germany following a year later.

Landing one of the biggest companies on the FTSE 100 as a client was another landmark. Being trusted to do what we promised has enabled us to deliver significant value to the business over the course of various projects; the strength of the relationship also helped us to expand into Southeast Asia in 2013.

We’ve continued to explore growth regions and today Turnkey has offices in the UK, Australia, France, Germany, Malaysia, Singapore and the US.


It’s all about the customer

Throughout our history, we’ve challenged ourselves with the aim of continually meeting clients’ needs, which evolve as technology develops, the world becomes ever more connected, and risks deepen and change.

Launched in 2017, Bedrock is one such example. Our own managed service offering for Governance, Risk and Compliance (GRC), it is a cloud-based SAP GRC solution that organisations can tailor to their own needs and budgets, while using the latest SAP software and having access to Turnkey’s consultancy skills. Today it accounts for around 20% of Turnkey’s revenue, its ongoing adoption and success indicating the need for such a product.

But although SAP is core to our business, we took the proactive decision around five years ago to be less exclusively focused on this platform. Broadening our services enhances our customer centric approach; it also sets out our stall from an ambition perspective by giving us more latitude for growth.

Our growth goals also drove our redesigned business structure. In 2023 - the last year of our teens – we rolled out an internal programme that, several years in the making, brings the various developing businesses under one Turnkey umbrella. This ensures a truly global strategy, along with shared investment and commitment, as well as consistency for clients and employees alike.


A changing world

Throughout Turnkey’s lifespan we have operated on a continually moving stage, adapting to external occurrences that are beyond our control. Much has happened in 20 years, but a few key events stand out.

The financial crisis of 2008 / 2009 was a testing period for many. But despite the challenging conditions, Turnkey grew during this time; that our services were resilient to economic shocks demonstrated the business necessity of our offering, and that we were getting it right.

The pandemic clearly caused a seismic shift in how everyone operated. Enforced working from home flagged the complexities of secure remote working, highlighting the importance of much of what we do behind the scenes. But it also opened opportunities that, in the days of being able to travel to wherever was required, hadn’t been considered in earnest. At Turnkey for example, we launched our virtual conference; held over two days, in different time zones and covering a range of discussions, it created additional value for customers – and is a fixture we have continued, even with the return of face-to-face meetings.

More recently, the war in Ukraine has been instrumental in creating a broader awareness of cyber threats, particularly in terms of the risk of state sponsored attacks. Previously, while there was plenty of noise in the cyber security industry about this issue, there was little acknowledgement in the broader public sphere. That dial has now shifted.


The role of enabling partner

From the first days of Turnkey, we have concentrated on helping to change the narrative around the role that security and risk management play in the organisation overall, aligning it as a core function that is essential to achieve wider business objectives.

We have now progressed with this outlook for twenty years, pioneering an approach that focuses on being a fully-fledged business partner rather than a cybersecurity provider.

As such we have helped clients in a variety of industries around the world to shift their perspective on IT security, seeing it as a business enabler rather than a tick-box compliance exercise that hampered progress. Rewarding on many levels, this is a mission that we plan to continue…