Flexible consulting on statutory and common requirements
Every business, small to large, has a different set of cybersecurity requirements because of the differing complexity of its digital systems. The backbone of your business is where availability, security, resilience and appetite for risk and growth all meet. That's our focus.
Following compliance codes will make you a little more secure, but no more so than holding a driving licence means you'll never have an accident. The point is to raise your awareness and focus on the areas where almost all businesses make mistakes, so you can avoid that future cost.
Starting with the basics: whatever the differences in systems, there are common requirements and regulations every company must meet:
- Adhering to GDPR
- Providing the right level of security as set by the NCSC (based on company size and turnover)
- Implementing PII and secure payment services properly
- Securing websites and company data
- Providing an acceptable level of cybersecurity and documentation to work with third parties
- Maintaining availability of systems and data
- Working with servers and endpoint devices
- Working with legacy systems and programs
- Incident response planning, preparation and recovery
Almost all cybersecurity goals for businesses lie in this range of common requirements.
We have a team that specialises in resolving those basics, fast.
The main thrust of cybersecurity is not applications or software (of which only 10% are ever even active); it is the assessment of:
- Systems
- Risks
- Processes
- Policy
- Technology
- Technical ability
We know from experience that the best way to achieve a full assessment is on premises with the tech and teams that create, maintain, and use it.
Once we have assessed the business's cybersecurity posture and goals, we work with clients to achieve them: to mitigate risks and reach the level of security required within budget.
Many companies already have cybersecurity teams who perform this task for them on a daily basis, but many others do not have a daily requirement for security services. We work with such companies to achieve the same goals on a contractual basis and as independent assessors for external audits.
Our main services are:
- Risk and vulnerability assessments with detailed reports on mitigations.
- Assessing compliance and advising on GDPR, DORA, PII and further regulations.
- Assessing, advising, security engineering and completing the self-assessment for Cyber Essentials.
- Performing pre-assessment checks for Cyber Essentials Plus.
- Assessing, advising, security engineering and performing the internal audit for BSI ISO27001, all the way to achieving the accreditation with an external audit.
- System migrations: from Windows Server to Linux or BSD; file systems to IPFS, Plan 9 and other ultra-robust traditional UNIX models.
- Advising and assessing systems, policy and processes to achieve a positive security model.
- Understanding and advancing security in areas like:
  - Post-quantum cryptography.
  - Zero-trust and zero-proof architectures.
  - Emerging operating systems and hardware (RISC-V etc.).
  - Language model ("AI") partitioning and isolation.
  - Security engineering and design.
  - Development pipelines.
  - Incident response planning.