Skip to content
Volume 01 — Engineering, Cloud, Securitycandleandspell.com

A technology practice, not a template.

We build the software and infrastructure your business quietly depends on.

SPELL BOOK AND CANDLE LTD is an independent technology company. We design, engineer, and operate custom software, cloud platforms, and security programs for organisations that treat their systems as core operating infrastructure — not disposable projects.

Dark server room corridor with warm illumination from equipment racks
Fig. 001Data hall / East corridor
Software Engineering
Cloud & Platform
Cybersecurity
Data & Integration
§ 01
Company overview

An independent engineering practice, structured for long-term work.

SPELL BOOK AND CANDLE LTD operates as a focused technology company. We assemble small, senior teams around each engagement and remain accountable for the systems we build long after they enter production. Our clients are organisations whose operations, revenue, or reputation rely on software behaving correctly under real conditions.

We work across the full lifecycle: architecture, delivery, operations, and continuous improvement. The company was structured to avoid the typical trade-offs between consulting-style breadth and product-team depth — we bring the discipline of a product organisation to work delivered under a services model.

§ 02
Core services

Four disciplines, one delivery model.

  1. Discipline

    Custom Software

    Bespoke web and internal applications engineered around real workflows, integrated with the systems your business already runs on.

  2. Discipline

    Cloud & Platform

    Reference architectures, migrations, and platform engineering on AWS, Azure, and Google Cloud, with cost and reliability built in from the start.

  3. Discipline

    Cybersecurity

    Threat modelling, hardening, identity, monitoring, and incident readiness aligned to recognised frameworks and your regulatory context.

  4. Discipline

    Data & Integration

    Data pipelines, warehousing, APIs, and systems integration that make information usable across departments and tools.

§ 03
Problems we solve

Recognisable business problems, engineered away.

Legacy that resists change

Ageing systems that block new products, slow every release, and consume disproportionate operational effort.

Manual work at scale

Spreadsheets and hand-offs standing in for missing software, quietly costing hours per person per week.

Fragile integrations

Point-to-point connections between tools that break with every upgrade and hide the true state of the business.

Cloud cost drift

Environments that grew organically, now producing bills nobody can fully explain or predict.

Security uncertainty

Controls that were adequate three years ago and haven't been reviewed against current threats or obligations.

Data you cannot trust

Reports that disagree, definitions that vary between teams, and decisions made on estimates instead of evidence.

§ 04
Technology capabilities

A deliberate stack, chosen for durability.

We work primarily with mature, well-supported technologies: TypeScript and Python across application code; React, Next.js, and modern SSR frameworks on the web; Node.js, Go, and .NET on the server; PostgreSQL as the default system of record; and container-based deployment on Kubernetes or managed equivalents. We choose newer tools when they genuinely reduce risk or effort — not because they are novel.

Macro view of glowing fiber optic strands used in data infrastructure
  • TypeScript
  • Python
  • Go
  • Node.js
  • .NET
  • React
  • Next.js
  • PostgreSQL
  • Kafka
  • AWS
  • Azure
  • GCP
  • Kubernetes
  • Terraform
  • OpenTelemetry
  • GitHub Actions
§ 05
Software development process

Delivery is a discipline, not a phase.

Every engagement begins with discovery: we sit with the people who will use and operate the system, map current workflows, and agree on the outcomes that will define success. From that shared understanding we produce a working architecture, a delivery plan with visible milestones, and a working environment within the first two weeks.

We deliver in short, reviewable increments. Code is written test-first where the domain allows, subject to peer review, and shipped through automated pipelines. Nothing enters production without instrumentation, rollback, and a named owner. When priorities change — and they will — we replan openly rather than absorb the change silently.

  1. Phase 01
    Discovery
  2. Phase 02
    Architecture
  3. Phase 03
    Iterative build
  4. Phase 04
    Hardening
  5. Phase 05
    Operate & evolve
§ 06
Cloud & infrastructure

Cloud environments engineered like production systems.

Layered translucent glass panels evoking cloud infrastructure architecture

We design cloud environments as first-class systems: version-controlled infrastructure, explicit network boundaries, least-privilege identity, and observability wired in from day one. Environments are reproducible, cost is attributable to a service, and every change passes through the same pipeline as application code.

Whether the work is a greenfield platform, a migration from on-premise, or the tidying of an environment that grew organically over years, our objective is the same: a cloud estate that is predictable to operate, reasonable to pay for, and safe to change.

§ 07
Cybersecurity

Security treated as an engineering property.

Security is designed into systems, not applied afterwards. We conduct threat modelling during architecture, harden defaults, review dependencies continuously, and align controls to recognised frameworks such as ISO 27001, SOC 2, NIST CSF, and the OWASP ASVS. Identity, secrets, logging, and access review are treated as core deliverables.

For organisations without an in-house security function, we run structured programs: posture assessment, remediation planning, monitoring, tabletop exercises, and readiness for third-party audits. For established security teams, we provide additional engineering capacity where it is needed most.

§ 08
Industries

Sectors where we do our best work.

  • Financial services

    Payments, back-office platforms, and compliance-adjacent systems where correctness and auditability are non-negotiable.

  • Healthcare & life sciences

    Clinical workflow tools, data platforms, and integrations that respect patient safety and privacy obligations.

  • Professional services

    Practice management, client portals, and knowledge systems for firms whose product is expertise.

  • Logistics & operations

    Planning, tracking, and integration systems that make physical operations legible and controllable.

  • Retail & e-commerce

    Storefronts, order management, and integrations across suppliers, carriers, and financial systems.

  • Public sector & regulated

    Case management and reporting systems that meet accessibility, transparency, and procurement requirements.

§ 09
Why us

Reasons organisations choose to work with us.

  • Senior teams, throughout

    The engineers who plan the work stay on the work. We do not staff with juniors under a senior badge.

  • Written accountability

    Decisions, risks, and trade-offs are recorded. There is always a document that explains why the system is the way it is.

  • Operational realism

    We consider the second year of a system before we ship the first. Runbooks, cost, and evolution are part of the design.

  • Independent by design

    We are not a reseller of any vendor's stack. Recommendations reflect what suits the problem, not a partnership tier.

  • Clear communication

    No status theatre. Progress is demonstrated, risks are named early, and estimates are revised in the open.

  • A long-term horizon

    We build with the assumption that we, or the client's team, will be maintaining the system in five years.

§ 10
Delivery principles

How we run a project.

  • Small teams, few hand-offs

    Fewer people, closer to the problem, own more of the outcome.

  • Working software early

    A thin end-to-end slice ships in weeks, not quarters, so the plan can meet reality.

  • Reversible decisions

    Choices are structured so the cost of changing them later stays low.

  • Instrument before you ship

    If we cannot observe it in production, we do not release it.

  • Documented as we go

    Architecture, decisions, and operational procedures grow alongside the code.

Drafting compass and steel ruler resting on a printed technical blueprint
§ 11
Quality assurance

Testing that reflects how the system will actually be used.

Our approach to quality begins with the definition of "done" and ends only when a change has been observed to behave correctly in production. We combine unit and contract tests for internal correctness, integration and end-to-end tests for user-facing behaviour, and targeted performance and resilience tests where the system's obligations demand them.

Test suites are part of the delivered product. They run on every commit, gate every deployment, and are maintained with the same care as the code they cover. Where the domain justifies it, we add exploratory testing, accessibility review, and structured user acceptance sessions with the people who will operate the system.

§ 12
Data protection

Reliability and data protection as default states.

Close-up of a stylised circuit board with copper pathways representing secure infrastructure

Backups are verified by restore, not by log line. Recovery objectives are agreed with stakeholders and periodically rehearsed. Personal data is minimised, encrypted in transit and at rest, and handled in line with applicable regulation — including the GDPR and equivalent frameworks — regardless of whether a formal request is on the table.

Where we operate systems on behalf of clients, incident response is a documented procedure with named roles, communication templates, and post-incident review. The objective is not the appearance of security, but its practical presence.

§ 13
A note on collaboration

Engagements structured for continuity.

We deliberately keep our list of concurrent engagements small. Each client is assigned a technical lead and a delivery lead who remain constant across the work; escalation paths are known from day one. This structure is what allows us to keep decisions coherent as systems grow and priorities shift.

Whether the engagement is a discrete build, an embedded team alongside your engineers, or a longer-term operational partnership, the principle is the same: fewer, better relationships, sustained over time.

§ 14 / End

SPELL BOOK AND CANDLE LTD — a technology partner that stays.

If you are considering a technology partner for a piece of work that matters, we would rather have a substantive conversation about it than send you a brochure. Written enquiries reach us directly at the address below.

Registered name
SPELL BOOK AND CANDLE LTD
Correspondence
[email protected]
Website
candleandspell.com
Modern glass office building at dusk with warm interior light behind a grid facade