For Design Teams &
Engineering Primes

Most of our work arrives through design teams: primes assembling a D&C bid, architects with a CPTED condition, alliances needing a security discipline that keeps pace with the programme. This page covers how that works.

The subconsultant test

Every prime has been burned by a security subconsultant: the report that lands two weeks late and reads like a threat encyclopedia, the requirements no discipline can design to, the design-gate submission that gets pulled apart because the security rationale doesn't hold. The test of a security subconsultant isn't their risk register — it's whether your submission survives review.

On recent transport packages we issued 100+ individually tracked security requirements per engagement, each traced to a risk scenario, assigned to a discipline, and closed out with a named designer response. That structure exists because we sit inside design programmes, not beside them.

How we slot into your bid or programme

  • Bid support

    Scoping, methodology text, and fee estimates in bid-ready form, with same-business-day response for scoping conversations. We've delivered as subconsultant to Mott MacDonald, WSP, KBR, Hatch, and SYSTRA — we know what a bid manager needs and when they need it.

  • Discipline-ready outputs

    Requirements with designer response columns, security zoning at site, platform, and building level, and performance specifications structural and services teams can design to. Each requirement names its responsible discipline and the evidence expected at the next gate. Systems & assurance →

  • Design-gate defensibility

    Every risk position documented with its evidence and explicit judgement, so the security chapter of your gate submission is the one that doesn't attract questions. Where we challenge an inherited requirement, we build the evidence trail that lets you defend the change. Security risk & threat analysis →

  • Flexible engagement

    Package subconsultant, embedded advisory inside your design team, or discipline lead within an alliance. Principal-led in every model: the person who priced the scope is the person in your design coordination meetings. Engagement models →

Frequently asked questions

What does Core42 need to price a security scope for a bid?

The tender reference, the security-relevant returnables, and fifteen minutes with whoever owns the technical response. From that we can confirm scope fit, flag anything in the brief that will cause trouble later, and return a fee estimate in your bid format.

Can Core42 work inside an alliance or embedded design team?

Yes. We attend design coordination as the security discipline, issue requirements directly to responsible disciplines, and track designer responses through each gate. On linewide and multi-package programmes we run the same requirements structure across packages so assurance evidence stays consistent.

What makes security outputs "discipline-ready"?

Each requirement is written to a single responsible discipline, in that discipline's language, with the expected design evidence named. An architect receives sightline and zoning requirements they can draw; an electrical engineer receives device and infrastructure requirements they can specify. Nobody receives a threat essay.

Who does the work?

A principal. Core42 is deliberately small: the consultant who scopes your package is the one who delivers it and fronts your design gates. No handover between the bid team and the delivery team, because they are the same people.

Scoping a bid?

Email info@core42.com.au with the tender reference and we'll respond the same business day. Or book a call to talk through the package.