Demonstrate that you take security seriously

Get certified to show you care about protecting all the information you handle. Whether its customers, colleagues, partners, or suppliers, organisations face increasing demand to prove that appropriate measures are in place to keep valuable data assets safe from the threat of accidental compromise and cybercrime with malicious intent.

Cyber Security Certifications are highly accessible to businesses of all sizes, and represent a fast, affordable and accessible way to boost competitive and commercial advantage.

Cyber Essentials

We’re an NCSC approved and licensed IASME Consortium Certification body. Work with us to reduce phishing-related risks and other low-level attacks, implement the NCSC’s set of pragmatic security measures and achieve Cyber Essentials and Cyber Essentials Plus (CE+) certification.

Most cyber attacks use basic techniques and don’t need sophisticated cybercriminal organisations to mastermind the disruption. Cyber Essentials is designed to prevent these types of attacks and minimise your organisation’s appeal as a potential target for more serious unwanted attention.

Guard against the most common cyber attacks, show your commitment to protecting your organisation from cyber threats and stand out as the obvious choice for prospects and customers with Cyber Essentials.

A simple self-assessment is all it takes to become compliant with this government-backed scheme.

Ask about how we can help guide you through the process.

Becoming certified with the CE Scheme may also qualify you for a level of free cyber insurance.

Get added peace of mind that your technical controls and defences will protect against the vast majority of common cyber attacks and reduce your exposure to costly damage and disruption.

Cyber Essentials Plus includes hands-on technical verification in addition to the Cyber Essentials protections. We can provide support to complete independent audit checks and test your organisation’s defences to ensure they comply with the CE Standard.

An audited assessment is performed on a representative sample of the infrastructure for common vulnerabilities across these areas: 

Boundary Firewall and Gateways
Secure Configuration
User Access Control
Malware protection
Patching

You’ll get a report explaining any gaps in security and what you need to do to address them.

For some industries, CE certification is mandatory to demonstrates that cyber security is taken seriously, is independently verifiable, and comes with automatic cyber liability insurance.

Both levels of certification are designed to be simple and effective for organisations of all sizes.

Case studies

AltlawView / Download pdf

Swansea Bay University Health BoardView / Download pdf

Larkspur InternationalView / Download pdf

Security Standards & Certification

The ultimate cyber security certification goal

Boost your cyber security reputation with ISO 27001.

Customers, governments and regulatory bodies are looking for the ISO 27001 badge that promotes the security and integrity of organisations. Full compliance sets you apart from the rest and demonstrates that your information security management system follows all best practices to protect against threats like ransomware.

Work with us to simplify the challenge and accelerate your progress towards achieving the certification.

Keen to compete with the biggest tech players?

Strengthen customer and stakeholder relationships, avoid costly damage associated with data breaches and security incidents, and gain real advantage over competitors with ISO 27001 certification – the international standard recognised globally for demonstrating good security practices and proactively reducing information security risk, and the sign of an organisation that can be trusted with data.

ISO 27001 provides a framework of standards for how a modern organisation should manage their information and data. It pays close attention to risk management, as a reflection of how well the organisation understands where their security strengths and weaknesses lie.

We provide consultancy for assessment and pragmatic implementation of an information security management system (ISMS) to guide organisations into compliance and certification with the ISO 27001 information security management standard.

Is ISO 27001 essential for your organisation?

Certification to ISO/IEC 27001 is not obligatory, and does not mandate specific tools, solutions, or methods. The standard functions as a compliance best-practice checklist that organisations gain significant value from.

ISO 27001 certification is a requirement for vendors and other third parties in industries that handle very sensitive information, including the health and finance sectors.

Already ISO 27001 certified? Scroll down to ISO 27001 Audit [Link to ISO27001 Audit] to maintain the standard.

Meet your obligation to ensure appropriate and secure handling of patient data

Apply the NHS Data Security and Protection Toolkit (DSPT – formerly NHS IG) to ensure the safeguarding of any NHS patient data your organisation has access to.

Own your responsibility to protect sensitive patient records and achieve compliance without the headaches.

Our NCSC certified consultants are here to support and guide you through the NHS DSPT self-assessment, whether you’re currently operating in the healthcare industry or plan to in future.

Based on a gap analysis comparing existing security with National Data Guardian security standards, we’ll supply a plan to comply and support with next steps to implement necessary measures to improve security.

The NHS DSPT leads to full compliance with the 10 National Data Guardian Data Security Standards and applies to all organisations in the health sector.

You need to know about the NIS Directive

All businesses considered as part of critical sectors including financial services, health, water, energy, transport and telecommunications are required to regularly assess risk and ensure appropriate controls are in place under the Directive on security of network and information systems (the first piece of EU-wide legislation on cyber security).

This Directive also applies e-commerce platforms such as online marketplaces, an online search engines and cloud services providers*.

Operator of Essential Services	Digital Service Providers
The government has been refining the identification thresholds used to define who is in scope to make them clearer and help companies understand whether they need to comply.	The scope of those who have to comply with NISD is limited to "those companies whose loss of service could have the greatest impact on the UK economy, either directly or through impact on other companies". This includes Software as a Service companies but excludes micro and small businesses.
OESs and DSPs are responsible for ensuring that their suppliers have appropriate measures in place to ensure they are compliant.

It’s mandatory for OESs to be assessed against the NCSC NISD Cyber Assessment Framework (CAF)

Still unsure whether NISD applies to you? If you’re part of the supply chain of any of these types of providers, it may also be relevant to your business.

Demystifying compliance requirements like NISD can be a mind-boggling, stressful and resource-hungry task. We’ll support you with any actions you need to take to achieve compliance with the NCSC NISD Cyber Assessment Framework.

*unless you are subject to sector specific regulation.

Attackers only need one way in

SCADA enables easy management of remote sensors and actuators, and has become an essential part of National Infrastructure.

A vast list of applications form part of the Supervisory Control and Data Acquisition (SCADA) system, from water level sensors in a water plant to heating controls in an office. It’s important to remember that the SCADA architecture is based on hierarchy with one central command point sitting at the top. Immensely convenient and efficient for organisations, one single target for attackers to exploit.

Our consultants specialise in ICS and SCADA security, and are fully compliant with the US NERC Critical Infrastructure Protection (NERC CIP) Standards. Our experience covers everything from telemetry systems to power generation, including UK Civil Nuclear.

Case studies

Health Mgmt. LtdView / Download pdf

HS2View / Download pdf

Cyber Security Audit

Use our ISO 27001 Audit services to understand what steps you need to take to work towards certification or maintain compliance with the standard.

If your organization has previously received a certification, you could be at risk of failing a future audit and losing your compliance designation without it. It could also prevent you from operating in certain geographies.

Where are you now, and where do you need to be?

Get the most out of any measures to improve cyber security posture with a clear view of current cyber maturity for people, process and technology.

Our Cyber Maturity assessment takes into account organisation cyber security culture and cyber control groups, interviewed and assessed against a set of metrics capturing key operational areas. Outcomes are packaged into a final report summarising current maturity levels, where the organisation should be, plus a 6, 12 or 18 month plan determining how to get there.

Pre-assessment review

Performing a gap analysis can be a useful first step to carrying out a full Cyber Maturity assessment. This high-level review of your cyber security profile will be delivered as a report including recommendations on how to mitigate risks identified.

Case studies

HS2View / Download pdf