What does an IT consulting firm do for small business?

An IT consulting firm helps a small business decide what to build, what to buy, what to retire, and how to run it without burning the team out. It is not the same as an MSP, which keeps existing systems running. It is not the same as hiring an internal IT person, who handles day-to-day. And it is not a marketing agency. Consulting is the strategy and implementation layer between those three.

How does CTGA scoring work?

CTGA scores your operations on four pillars: Controls, Technology, Growth, and Adoption. Each pillar gets a number, and the four roll up to a single composite score from 100 to 900. The bands read like a credit score: 100-300 is exposed (real risk, real money leaking), 400-600 is operational (it works but it is brittle), and 700-900 is compounding (systems making the business better as it grows).

What is a Helix Pulse?

A free 60-minute conversation with our team. No intake form, no demo, no pitch deck. We cover your operations across all four CTGA pillars and you walk away with your top three gaps, an estimated Helix Score, and a plain-English summary of what is broken. You own the results. Take them to whoever you want.

What does a Pulse Retainer cost?

The Helix Pulse itself (the 60-minute CTGA scoring conversation) is free. The ongoing Pulse Retainer starts at $1,500 a month for a small service business and scales up based on company size, number of business units, and how much hands-on implementation work the engagement includes. We give a fixed monthly number after the Pulse. No surprise hourly billing.

No. Helix Stax is an IT consulting firm. We do strategy, system selection, implementation, compliance work, and ongoing advisory. We do not run a 24/7 helpdesk and we do not sell managed antivirus by the seat. When clients need full-time helpdesk or device management, we hand them to an MSP partner in the Hampton Roads area and stay involved on the strategy side.

Do you replace our internal IT or work alongside it?

Either. We have done both. If you already have an internal IT lead or an MSP, we sit on the strategy and architecture side and they keep the lights on. If you have nobody, we run the function until you hire someone, then we hand it off cleanly with documentation. The engagement tier sets the shape: lighter retainers stay advisory, deeper engagements get embedded.

Yes. We run CMMC Level 2 readiness work and full NIST 800-171 control implementation for Newport News defense contractors, shipyard suppliers, and DoD prime subcontractors. The engagement covers gap assessment, System Security Plan authoring, POA&M tracking, and the actual technical control work (endpoint hardening, audit logging, encrypted storage) that a C3PAO assessor will open the laptop to verify.

Do you serve DoD contractors and shipyard suppliers?

Yes. We work with DoD prime subcontractors and shipyard suppliers across Hampton Roads, including suppliers feeding Newport News Shipbuilding and the broader Huntington Ingalls Industries supply chain. The work usually combines CMMC Level 2 readiness, NIST 800-171 control implementation, secure infrastructure design, and audit preparation. We have not done a CMMC Level 3 engagement yet and we will say so on the first call.

Do you work outside Hampton Roads?

Yes. Hampton Roads is the home base, not a fence. We currently run an out-of-state client engagement and we take remote work anywhere in the continental US. On-site visits cost more outside the region because of travel, but most of the assessment, design, and ongoing advisory work runs over video and screen-share without losing anything.

Who owns the work product?

The client owns everything we produce inside the engagement. That includes documentation, configurations, automation code, runbooks, vendor accounts, and the data behind your CTGA scores. Helix Stax retains the CTGA framework itself and the internal tooling we use to score and track engagements, but those are not deliverables. If you walk, you walk with your stuff.

The CTGA Framework Methodology

Operations maturity, scored.

The Helix Score is a credit score for how your business runs. One number from 100 to 900, rolling up four pillars (Controls, Technology, Growth, Adoption) into a figure you can put on a board update, track quarter over quarter, and use as the baseline for everything you fix next.

That sentence is the whole framework. The rest of this page explains how the number gets made, what the bands mean, and what you do with it.

What is the CTGA Framework?

The CTGA Framework is a proprietary operations maturity model built by Helix Stax for small and mid-market businesses. CTGA stands for Controls, Technology, Growth, and Adoption -- the four pillars the framework scores. Controls covers financial and process discipline. Technology covers the actual software stack and how well it fits the business model. Growth covers sales, marketing, and the systems that produce revenue. Adoption covers whether the team uses what the business has paid for -- the failure mode where companies spend $400,000 a year on software nobody opens. Each pillar rolls into a single Helix Score between 100 and 900. Unlike CMMI-derived models that score on a five-level ladder, the Helix Score is a continuous number designed to be comparable across quarters and defensible to investors. The framework is delivered by Helix Stax through a Pulse assessment, a full CTGA Assessment, and an implementation retainer.

Sources: Accenture Intelligent Operations, PagerDuty Digital Operations Maturity.

How it works -- the four pillars

Each pillar carries its own definition, its own inclusion list, and its own list of things it deliberately does not measure. Definition by exclusion matters as much as definition by inclusion.

Controls

25% weight

The Controls pillar measures the disciplines keeping a business legal, insurable, and audit-defensible. It scores compliance deadlines, vendor contracts, licensing currency, financial controls, documented procedures, and the records that prove all of it works when nobody is watching. Controls also covers the basic security posture an SMB needs -- MFA, backup discipline, the response plan for a real incident.

Controls does not measure regulatory strategy, cybersecurity at the enterprise threshold, or financial planning. It scores whether the rules you already say you follow are actually being followed. The most common Controls failure is "we have the policy and no enforcement" -- a written rule with no evidence anybody follows it. Controls is 25 percent of the Helix Score.

Technology

30% weight

The Technology pillar measures the actual stack the business runs on. It scores the CRM, the phone system, file storage, the practice-management or vertical platform, accounting, integrations, per-seat licenses, and whether the stack fits the business model. Each tool is rated on configuration quality, integration health, and seat utilization. AI tooling lives inside Technology when the business has adopted it -- CTGA does not score "AI maturity" as a separate pillar.

Technology does not measure DevOps maturity, observability, or platform engineering. Those concerns belong to engineering organizations, not the 5-to-150-person service businesses CTGA was built for. The most common Technology failure is paying for seats nobody opens. Technology is 30 percent of the Helix Score -- the largest weight because the dollar surface is largest.

Growth

20% weight

The Growth pillar measures the systems turning marketing spend into closed revenue. It scores lead capture, lead response time, qualification, conversion rates, retention, and the CRM hygiene behind all of it. Growth includes the front end (how prospects find the business) and the back end (how revenue is forecast, billed, and collected).

Growth does not measure marketing strategy, brand work, or pricing decisions. It measures whether the leads you already paid to get are converting at the rate they should. The most common Growth failure is the slow follow-up -- the average small business takes nearly two days to call a web lead, and a majority of web leads never get called at all. Growth is 20 percent of the Helix Score.

Adoption

25% weight

The Adoption pillar measures whether the team actually uses what the business has paid for. It scores login rates, feature usage on the workflows that matter, the gap between trained users and active users, and the rate at which paid software seats produce business work. Adoption is where the other three pillars succeed or fail. A perfect Controls policy is worthless if nobody follows it. A perfect Technology stack is a subscription fee if nobody opens it.

Adoption does not measure user satisfaction, feature usage at the SKU level, or HR or culture broadly. The most common Adoption failure is the founder running a parallel system because the team's tool is too painful to use. Adoption is 25 percent of the Helix Score.

What is an operations maturity assessment?

An operations maturity assessment measures how well a business's controls, technology, growth systems, and software adoption work together. Unlike IT-focused maturity models, which score infrastructure and incident response, an operations maturity assessment scores the full operating model -- financial controls, the technology stack, growth functions like sales and marketing, and whether the team actually uses the tools the business has paid for. Most assessments produce a score per dimension on a five-level scale. The CTGA Framework, built by Helix Stax for small and mid-market businesses, rolls those dimensions into a single Helix Score between 100 and 900. A score of 270 indicates basic functioning with significant unused investment; a score of 700 indicates a mature, instrumented operation that runs without founder dependence. The number is comparable quarter over quarter, defensible to investors, and short enough to remember.

Sources: Port Operational Maturity Model, Smartsheet (CMMI lineage).

The Helix Score

The Helix Score rolls those four pillars into one number from 100 to 900. Each pillar is scored on two tracks -- Systems (the configured tools and documented procedures) and People (whether your team uses any of it) -- so the headline number sits on top of eight sub-scores. Most businesses score between 250 and 400 on their first assessment. A score of 700 or above means the business runs on systems instead of heroics. The number is comparable across quarters, short enough to remember, and structured exactly like a credit score so the buyer's instinct about what bands mean is correct from the first read.

The Helix Score is not a consumer credit report, a business credit report, or an insurance underwriting score. See the full regulatory disclaimer.

How do I score my business operations from 100 to 900?

The Helix Score is a single number between 100 and 900 that summarises a business's operations maturity. It is produced by the CTGA Framework, which scores four pillars: Controls (financial and process controls), Technology (the actual stack and how well it fits the business), Growth (sales, marketing, and revenue systems), and Adoption (whether the team uses what the business paid for). Each pillar contributes proportionally to the final score. Most small businesses score between 200 and 400 on their first assessment. The threshold for an "instrumented" operation -- one that runs without founder dependence -- is approximately 650. The Helix Score is set by the founder of Helix Stax, working from data the platform collects, rather than by a software questionnaire or an averaged consultant panel. One accountable judgment, not a committee average.

Sources: Lean Six Sigma Experts.

The engagement ladder

CTGA is delivered in three tiers. The retainer ends when your Helix Score moves to the agreed band threshold -- not when a calendar runs out.

Helix Pulse

Free -- 60 minutes

A free 60-minute conversation with the founder of Helix Stax -- no intake form, no demo, no pitch deck. The buyer walks out with the top three operational gaps named, an estimated Helix Score band, and a plain-English summary of what's broken.

Core engagement

Full CTGA Assessment

Paid -- 7 days

The paid 7-day engagement producing the official Helix Score, the Helix Score Report PDF, the priority-ranked gap list, and an optional 30-day implementation roadmap.

Implementation Retainer

Monthly -- band-targeted

The monthly engagement that closes the gaps the assessment named. The team closes gaps, trains your staff, and re-scores quarterly. The retainer ends when your Helix Score moves to the agreed band threshold, not when a calendar runs out.

How CTGA is different from CMMI

Most operations maturity frameworks inherit from the Capability Maturity Model Integration scale developed at Carnegie Mellon -- five named levels, scored per dimension, used heavily inside enterprise IT transformation programs. CTGA is structurally different in three ways. First, it produces a single number from 100 to 900 instead of a per-dimension ladder. Second, its four pillars match the buyer's own vocabulary (Controls, Technology, Growth, Adoption) instead of the consultant's vocabulary (Defined, Managed, Optimized). Third, the score is set by the founder of Helix Stax with the platform feeding the data -- one accountable judgment instead of a software questionnaire or a committee average. CTGA was built for owner-operators of 5-to-150-person service businesses, not for Fortune 1000 transformation offices.

Figure 1 -- CMMI-derived models score on a discrete five-level ladder per dimension. The CTGA Framework rolls four pillars into a single continuous Helix Score from 100 to 900, with six named bands.

Figure 2 -- Operations maturity is broader than digital maturity or IT maturity. A business can have high digital maturity (lots of digital tools) and low operations maturity (controls weak, growth unmeasured, team doesn't use the tools).

Operations maturity vs digital maturity vs IT maturity

Digital maturity measures how well a business uses digital tools across the organization. IT maturity measures how reliably the IT department runs services, incidents, and infrastructure. Operations maturity is broader than either: it scores the full operating model -- controls, technology, growth systems, and adoption -- against a defined framework. A business can have high digital maturity (lots of digital tools) and low operations maturity (nobody uses the tools, controls are weak, growth is unmeasured). The CTGA Framework, used by Helix Stax, is an operations maturity model rather than a digital or IT maturity model. It scores the four pillars on a 100-900 scale and produces a single Helix Score rather than the five-level ladder common to CMMI-derived models. The distinction matters because the buyer for an operations maturity assessment is usually the owner-operator or COO, not the CIO.

Sources: PagerDuty, Port.io.

How is CTGA different from other maturity frameworks?

Most operations maturity frameworks -- Accenture's Intelligent Operations, PagerDuty's Digital Operations Maturity Model, the CMMI-derived models -- score per dimension on a five-level ladder (Reactive, Defined, Optimized, etc.). They were built for enterprise IT or transformation programs. The CTGA Framework is different in three ways. First, it produces a single Helix Score between 100 and 900 rather than a per-dimension ladder -- comparable across quarters, defensible to investors. Second, its four pillars (Controls, Technology, Growth, Adoption) match how a small-business owner already thinks about the company, rather than how a consultant categorises a transformation program. Third, the score is set by the founder of Helix Stax, with the platform feeding the data -- one accountable judgment rather than a software questionnaire or a committee average. That judgment is shaped by a founder who studied at Harvard and MIT and a team with experience working alongside enterprises like Xfinity. The framework was built for owner-operators of 5-to-150-person service businesses, not for Fortune 1000 transformation offices.

Sources: Accenture Intelligent Operations, Lean Six Sigma Experts.

The six-band rubric

The Helix Score lands in one of six bands. The band is the qualitative read on the quantitative number -- what the score actually means about how the business runs day to day. Most first-time scores land in Developing.

The six Helix Score bands, from Critical (100-249) to Optimal (850-900), with the canonical descriptor for each band.
Band	Range	Label	What it means
1	100-249	Critical	Basic operations function, but the business is exposed. Compliance gaps are real. Software waste is high. Lead leakage is the norm. The team works around the systems instead of through them. Typical for businesses that grew faster than their infrastructure. The fix is straightforward and the payback clock is short.
2	250-399	Developing	The most common first-assessment band. The bones are in place. Some tools work, some don't. Some processes exist, some are tribal knowledge. Visible improvement happens in 90 days when the right gaps get prioritized -- usually the gap between what you bought and what your team uses.
3	400-549	Functional	The running-without-daily-emergencies band. Most tools are used by most of the team most of the time. Compliance is mostly current. Growth is measurable. The owner can take a week off without the business breaking. Next-band gains come from instrumentation -- turning "mostly" into "measurably."
4	550-699	Strong	The runs-on-systems-not-heroics band. The four pillars work together. Most of the team works through the tools, not around them. Compliance is documented and defensible. Lead response is fast. The owner is no longer the bottleneck. Next-band gains come from closing the last gaps that still depend on the founder being in the room.
5	700-849	Leading	A reference operation. The systems and the team are aligned. The owner is replaceable on any given day. Compliance is proactive. Software waste is below industry benchmarks. Lead response is sub-five-minute. The business can absorb growth without redesign. Most businesses in this band are preparing for acquisition, succession, or a step-change in scale.
6	850-900	Optimal	The rare top band. The business runs at the practical ceiling of what CTGA measures. Reaching it requires sustained investment in all four pillars. Most operations do not need to be here; this band is for businesses where operational quality is itself the competitive moat.

Pillar weights

The four pillars do not contribute equally to the Helix Score. Opacity on weights looks defensive. Publishing them deliberately is part of why the score is credible.

Pillar weights for the CTGA Framework v2.1: Controls 25 percent, Technology 30 percent, Growth 20 percent, Adoption 25 percent.
Pillar	Weight	Why
Controls	25%	Binary-failure mode -- when Controls fails, it tends to fail catastrophically (audit finding, insurance non-renewal, regulatory action).
Technology	30%	Largest dollar surface area on the typical SMB balance sheet -- software is the second-largest controllable expense after payroll.
Growth	20%	Important but the most variable across business models; the weight is conservative until the corpus reveals the true distribution.
Adoption	25%	The amplifier -- Adoption is what determines whether the other three pillars produce returns or sit on a shelf.

The formula and the maturity scale

The Helix Score is produced by the formula below, operating over the weighted maturity inputs gathered during a Full CTGA Assessment. The same maturity inputs, scored against the same methodology version, will yield the same Helix Score forever.

HelixScore = 100 + ((Sum wi * Mi) / (Sum wi * Maxi)) * 800

where:
  wi   = the published weight of capability i
  Mi   = the observed maturity level of capability i (1-5)
  Maxi = the maximum maturity level (always 5)

The formula is anchored at the floor of 100 and the ceiling of 900, normalized through the ratio of weighted observed maturity to weighted maximum maturity, multiplied by the 800-point span, and added to the 100-point floor.

The capability model -- 40 engine capabilities, 25 rolled-up clusters

The CTGA scoring engine operates on 40 capabilities -- five questions per pillar, per track (5 x 2 x 4 = 40). Each capability has a five-level rubric, a published weight inside its pillar-and-track group, and a stable identity (e.g. C-systems-1). The 40 engine capabilities produce 40 capability scores, which roll into 8 track sub-scores, which roll into 4 pillar scores, which roll into the single Helix Score. In some buyer-facing surfaces the framework prints 25 rolled-up clusters instead of the 40 engine capabilities -- the engine is 40, the marketing layer is 25, and the methodology page picks whichever serves the immediate clarity goal.

The 1-5 maturity scale

Every capability is scored on a 1-to-5 maturity scale. The same five-level ladder applies to both the Systems track and the People track. Reconciling the two tracks to a single scale is what makes the eight sub-scores comparable.

The canonical 1-to-5 maturity scale used across both Systems and People tracks: Reactive, Developing, Defined, Managed, Optimized.
Level	Name	What it means
1	Reactive	Capability exists in name only. Activity happens when something breaks. No documented process, no consistent owner, no measurable outcome.
2	Developing	Capability has a basic shape. Some procedures written, some followed. Outcomes inconsistent. Recovery from incidents takes longer than it should.
3	Defined	Capability is documented and mostly followed. Outcomes meet baseline expectations. Improvement work happens when the team has time.
4	Managed	Capability is instrumented, measured, and reviewed. Outcomes are predictable. Continuous improvement is part of the operating rhythm.
5	Optimized	Capability is a competitive advantage. Outcomes exceed industry norms. The capability itself improves faster than the market changes.

Certain capabilities are critical enough that a maturity level of 1 caps the overall Helix Score regardless of what the rest of the inputs say -- see the critical-floor mechanism documented in the architecture spec. Every Helix Score is stamped with a methodology version (v2.1.0 at ship). The appeal path is documented at /legal/helix-score-disclaimer.

What you do with the score

The score is a baseline. The deliverable from a Full CTGA Assessment is the score plus a priority-ranked gap analysis -- the three gaps that, closed first, move the Helix Score fastest. Most businesses do not need every gap closed. They need the three that pay back first.

Book Your Free Pulse

60 minutes with our team. No pitch deck. You keep the results.