TrueNorth Quantum delivers four discrete but tightly-coupled services. Build is a one-time, five-week engagement that produces a production-ready Digital Employee. Run, Govern, and Defend are continuous services that keep that DE operating, compliant, and secure for as long as it serves your organisation.
Our service model maps to two dimensions: when the work happens (one-time vs. continuous) and how it's purchased (included with the platform vs. optional add-on).
Every Digital Employee TNQ deploys is purpose-built — there is no shrink-wrap DE. The Build service is a structured engagement spanning six phases, producing fifteen named artifacts, gated by five client sign-off milestones. The target is M5 Go-live in approximately five weeks from SOW signature, with day-for-day adjustments if either side runs behind. Throughout the build, the Governance AI is trained in parallel with the DE itself — not bolted on at the end.
The Build engagement is delivered under the Development Services Statement of Work (TNQ-COMM-02), attached as Exhibit A to the Platform-as-a-Service Agreement. Fees are milestone-billed: a portion at SOW signature, then successive payments at M1 through M4. Final acceptance is M5, at which point Platform Fee billing begins.
Three TNQ-named roles run the engagement: an Engagement Lead (single point of accountability), a Governance Lead (owns the risk classification, policy-as-code, and overseer training), and a DE Architect (owns the build, tool integration, and testing). Four client-side roles are required: an Executive Sponsor, Operational Owner, Technical Counterpart, and Risk/Security Officer.
Engagement intensity and required controls calibrated to the Risk Tier assigned in Phase 1. Tier 4 engagements include external red-team and additional client signatures.
The Governance AI overseer is not added at the end. It is trained on the same role specification, in parallel, in Phase 3 — making behaviour-bound governance an architectural property.
Each milestone has named, specific written acceptance criteria. Silence beyond 5 business days constitutes acceptance — predictability for both parties.
Every deliverable is version-controlled and anchored to the audit ledger. The engagement record becomes the operating record from Phase 6 forward — no handoff loss.
Once a Digital Employee enters Phase 6 (Live Operation), TNQ runs the entire underlying platform on a 24/7/365 basis. Platform Operations is the always-on service that hosts the DE, runs the Governance AI overseer, operates the Quantum-Proof Foundation, maintains the immutable audit ledger, and applies security patches and platform upgrades. Everything in this section is included with the Platform Fee subscription — no add-on, no per-seat licensing, no separate hosting bill.
Platform Operations is governed by clause 2.2 of the PaaS Agreement, which enumerates exactly what is bundled into the Platform Fee. The Client's Digital Employees, Governance AI instances, Client Data, and audit ledger entries are deployed on infrastructure dedicated to the Client — not co-mingled with other clients' workloads.
The service is calibrated by Risk Tier (per the TNQ-DE-03 Risk Tier Assessment): a Tier 4 deployment is operated to higher uptime targets and more frequent retraining cadences than a Tier 1. SLAs are documented in Schedule C of the PaaS Agreement.
Your Digital Employees and Governance AI run on infrastructure dedicated to your organisation. No multi-tenant noise. No noisy-neighbour risk.
Master Session → Governance Agent → Architecture Agent → Worker Agents. Continuously operated. Type-theoretic boundaries enforced at every layer.
Post-quantum cryptography across transport, storage, and audit ledger. Warm / Cold / Frozen custody tiers continuously available. FIPS 140-2 Level 3 HSM.
Every prompt, tool call, governance decision, and outcome — anchored to the blockchain audit ledger. Two years of full-fidelity history by default; longer on request.
Security patches, platform upgrades, dependency updates, model improvements — managed by TNQ on a documented change-control cadence. No customer maintenance windows.
Standard support included with the Platform Fee. Documentation, training materials, configuration assistance, and Master Portal user administration.
Launching a Digital Employee in production is not the end of the governance work — it is the start. The Governance & Compliance service is the continuous oversight regime that watches every action the DE takes, detects drift before it becomes incident, packages evidence for auditors and regulators, and adjusts policy boundaries as the role evolves. This service is included with the Platform Fee subscription — because we believe deploying an AI agent without continuous governance is the same as deploying it without governance at all.
The Governance & Compliance service operates on three time scales: per-action (the overseer evaluates every decision before it executes), per-day (drift detection runs continuously against the behavioural baseline established in Phase 3), and per-quarter (governance board reviews authority adjustments, policy updates, and regulatory mapping).
The frequency of every surveillance activity is calibrated by Risk Tier. A Tier 1 DE has a daily summary review; a Tier 4 DE has per-action human approval. The Oversight Cadence Table in the Risk Tier Assessment (TNQ-DE-03) defines exactly what cadence applies to each Digital Employee.
Every action evaluated against the compiled policy-as-code before execution. Forbidden actions blocked. Approval-required actions escalated. Authorised actions proceed and are signed.
Live behavioural patterns continuously compared to the baseline established in Phase 3. Deviation thresholds trigger alerts. Pattern shifts trigger human review.
The immutable ledger captures every action. TNQ packages, indexes, and prepares ledger excerpts for auditor review, regulatory disclosure, or insurance underwriting on demand.
As trust accrues, authority can be expanded; as risk surfaces, authority can be tightened. Every adjustment is a versioned change to the policy-as-code with formal approval.
Every quarter, TNQ delivers the Quarterly Review Pack (TNQ-DE-18) — drift summary, KPI performance, exception review, authority recommendations. Joint Client and TNQ review.
For each applicable regulation (GDPR, HIPAA, EU AI Act, SOC 2, sector-specific), TNQ maintains the artifact-to-clause mapping that demonstrates compliance — produced as a side-effect of operation.
The Governance service prevents your Digital Employee from doing the wrong thing on purpose. CyberDefense Monitoring is the layer that prevents external actors from manipulating, exfiltrating from, or impersonating your DE. It is an optional add-on under the PaaS Agreement (Schedule B), priced as a percentage of monthly Platform Fees with a fixed minimum. Once elected, it scales automatically as your workforce grows.
The CyberDefense Monitoring service covers the new threat surface that an AI workforce creates: prompt injection, credential abuse, lateral movement through DE tool access, model poisoning, output manipulation, and impersonation of cryptographic identity. Traditional endpoint and identity tools do not see these attack patterns; the TNQ SOC is purpose-built to recognise them.
The service operates as a continuous SOAR loop: Monitor → Analyse → Plan → Execute → Assess → Adjust. Threat detection ML runs against the audit ledger in real time. Severity-1 incidents trigger autonomous containment (suspending the DE under a documented run-book). Lower-severity events route through ChatOps to your on-call team.
Continuous human-supervised monitoring of every DE in production. Tuned alert thresholds. Coverage across all time zones and shifts.
ML-driven detection specifically tuned for AI-agent threat patterns. Prompt injection. Jailbreak attempts. Tool-call abuse. Model manipulation. Identity spoofing.
Federates with Splunk, Elastic, IBM QRadar, ArcSight, Microsoft Sentinel, and others. Bidirectional. We don't replace what works — we extend it.
Autonomous incident response under documented run-books. DE suspension authority. ChatOps escalation. Replay-from-ledger forensics in one click.
TNQ incident-response analysts engage for any severity-1 event. Communication plan execution. Coordination with client security and legal. Post-mortem package delivered.
Quantitative incident telemetry packaged for cyber-policy underwriting and renewal cycles. Insurance partnerships via Gallagher. The audit ledger is the evidence underwriters want.
We do not charge for the build until value starts. The Platform Fee subscription does not begin until your Digital Employee enters production at M5. You only pay for a DE that is actually doing work for you.
A 30-minute discovery call. We map a candidate role, classify the risk tier, scope the build, and tell you what your first DE could look like in production — including which services are bundled and what the monthly economics look like.