Every Service an SME Needs Under One Roof
What We Cover
Cyber Essentials & CE+
Most government contracts and an increasing number of supply-chain questionnaires require Cyber Essentials.
Virtual CISO
You need someone who can own your security strategy, present to the board, manage vendor risk, and be the escalation point when something goes wrong.
GRC Support
GDPR, NIS2, sector regulators, supply-chain requirements — the list of things you need to comply with keeps growing.
Gap Analysis
A gap analysis answers one question: how far are you from meeting a specific standard?
Policy & Framework Development
Here is what we see constantly: organisations with no formal security policies at all, or organisations with policies copied from a template five years ago that bear no resemblance to how they actually operate.
Risk Management
If you are making security decisions without a risk assessment, you are guessing.
Incident Response Advisory
When a breach happens, the first few hours determine the outcome.
Cyber Essentials & CE+
Most government contracts and an increasing number of supply-chain questionnaires require Cyber Essentials. It is the baseline. The problem is that the self-assessment form asks questions in a way that trips people up, the scoping is confusing, and organisations that should pass easily end up failing on technicalities. We fix that.
We start by defining exactly what is in scope — which systems, which users, which networks. Then we audit your setup against the five control themes: firewalls, secure configuration, access control, malware protection, and patch management. Where there are gaps, we tell you what to fix and how. When you are ready, we handle the submission. For CE+, we prepare you for the hands-on technical verification too.

What's Included
- Scope definition
- Self-assessment review
- Technical controls audit
- Remediation guidance
- Submission support
- CE+ verification prep
ISO 27001 Alignment
ISO 27001 is the standard that unlocks enterprise contracts. When a larger client asks "do you have an ISMS?" they are really asking "can we trust you with our data?" Alignment — or full certification — answers that question. For growing businesses, it is often the single biggest differentiator when competing for larger work.
We take you through the entire process. Gap analysis against Annex A controls, risk assessment framework, ISMS documentation, Statement of Applicability, supporting policies — all built to fit your organisation, not copied from a template. When the external audit comes, we handle the liaison with the certification body and make sure it runs cleanly.
What's Included
- Gap analysis
- Risk assessment framework
- ISMS documentation
- Statement of Applicability
- Internal audit support
- Certification body liaison

Virtual CISO
You need someone who can own your security strategy, present to the board, manage vendor risk, and be the escalation point when something goes wrong. You probably do not need that person full-time, and you definitely do not want to pay a six-figure salary for it. That is what a Virtual CISO solves.
We integrate into your leadership team on a fractional basis. Your vCISO develops and maintains your security strategy, reports to the board, oversees governance, and makes sure your security programme keeps pace with business growth. When incidents happen or strategic decisions come up, you have someone experienced to call.
What's Included
- Security strategy development
- Board-level reporting
- Vendor risk oversight
- Security programme governance
- Incident escalation support
- Regulatory guidance
Security Audits
Most SMEs have some security in place. The problem is nobody has ever told them whether it actually works. That is what an audit fixes. We come in, look at everything — your network setup, access controls, endpoint protection, how your team handles data — and give you an honest assessment. Not a 50-page report full of theoretical risk scores. A clear picture of what is working, what is not, and what to fix first.
Every audit ends with two deliverables: an executive summary your leadership can actually read, and a technical remediation list your IT team can act on. We prioritise findings by real business impact, not by what looks impressive on paper. If you want us to come back and verify the fixes landed properly, we do that too.
What's Included
- Technical controls review
- Process and people assessment
- Risk-rated findings
- Executive summary report
- Prioritised remediation list
- Follow-up verification


Incident Response Advisory
When a breach happens, the first few hours determine the outcome. Organisations that have planned, practised, and prepared recover faster and suffer less damage. The ones that have not end up making panicked decisions, missing regulatory notification deadlines, and turning a bad situation into a crisis.
We build your incident response capability — or sharpen what you already have. That means an IR plan written for your organisation, escalation procedures, communication templates, and tabletop exercises where your team practises detecting, containing, and recovering from realistic scenarios. We also cover regulatory notification requirements under GDPR and NIS2, so you meet your legal obligations without delay.
What's Included
- IR plan development
- Tabletop exercises
- Communication templates
- Escalation procedures
- Post-incident review framework
- Regulatory notification guidance
The Rest of the Stack
GRC Support
GDPR, NIS2, sector regulators, supply-chain requirements — the list of things you need to comply with keeps growing.
- Governance framework design
- Compliance mapping
- Risk register development
- Policy lifecycle management
Gap Analysis
A gap analysis answers one question: how far are you from meeting a specific standard?
- Standard-specific assessment
- Current-state mapping
- Gap identification report
- Prioritised remediation plan
Policy & Framework Development
Here is what we see constantly: organisations with no formal security policies at all, or organisations with policies copied from a template five years ago that bear no resemblance to how they actually operate.
- Information security policy suite
- Acceptable use policies
- Incident response procedures
- Business continuity planning
Risk Management
If you are making security decisions without a risk assessment, you are guessing.
- Risk assessment methodology
- Asset-based risk identification
- Risk treatment plans
- Risk appetite definition
Standards We Align With


Ready to get started?
Book a free call and tell us what you're working on. We'll let you know how we can help.