Service Offerings
Practical cybersecurity services designed for SMEs. From foundational compliance to UK public sector readiness and AI governance.
Compliance & Security
ISO 27001, ISMS, Microsoft 365 security, R&D project support. Foundational cybersecurity for SMEs.
UK Public-Sector Compliance
Cyber Essentials, NHS DSPT, Defence SAQ support. Win and keep UK public-sector contracts.
AI Governance
Risk assessment, policy development, and compliance for AI adoption (GDPR, ISO 27001, EU AI Act).
Compliance & Security Foundations
Foundational cybersecurity services for SMEs and startups
Security Health Check
Scope:
Rapid review of your current security posture covering access controls, backup strategies, patching processes, and security tooling. Identifies top vulnerabilities and provides prioritized remediation guidance for immediate risk reduction.
Who it's for:
Tech-driven SMEs without a dedicated security function needing a reality-based security view
What you get:
- Honest snapshot of current security posture (tools, access, backups, patching)
- Top 10 issues with practical, prioritised recommendations
- Board/investor-ready security assessment
Deliverables:
Short report (5-7 pages) with current state, issues, and recommendations
ISO 27001 Readiness Assessment
Scope:
Comprehensive gap analysis against ISO/IEC 27001:2022 requirements and all Annex A controls. Assess your organization's current information security management practices, identify compliance gaps, and create a realistic roadmap to certification.
Who it's for:
SMEs preparing for ISO/IEC 27001:2022 certification needing a realistic plan
What you get:
- Gap analysis against ISO/IEC 27001:2022 requirements and Annex A controls
- High-level risk register (top 10-20 information security risks)
- Draft Statement of Applicability (SoA) outline and prioritised action plan
Deliverables:
Written report (PDF) + executive presentation (slide deck)
Information Security Management System (ISMS)
Scope:
Establish foundational ISMS documentation tailored to your organization. Create essential security policies, risk assessment frameworks, and audit processes aligned with ISO 27001 requirements. Provides the documentation structure needed for certification without costly full implementations.
Who it's for:
SMEs preparing for ISO 27001 needing policies and structure, not a full implementation
What you get:
- Core ISMS documentation: scope, policies (Info Sec, Access Control, Incident)
- Risk assessment template and populated initial risk register
- Internal audit checklist and usage guidance
Deliverables:
Full ISMS document set (Word/Google Docs) + review call
Security Support for Tech R&D Projects
Scope:
Provide security and privacy documentation for R&D and innovation projects. Create risk assessments, data flow mappings, and governance frameworks that satisfy grant funder requirements and customer due diligence. Focus on documentation and compliance, not technical security implementation.
Who it's for:
Companies doing R&D/innovation projects needing risk assessments, data flow documentation, and security evidence for grant funders or customers (not building secure AI/ML systems)
What you get:
- Risk assessment and data flow mapping for R&D projects
- Security & privacy documentation for grant applications and partner reviews
- Governance framework aligned to funder requirements (not technical implementation)
Deliverables:
Project Security & Privacy Plan (5-10 pages), data flow diagrams, risk log, Q&A support for applications
Microsoft 365 Security & Governance Review
Scope:
Comprehensive review of Microsoft 365 tenant security covering identity management, email security, collaboration tools, device policies, and AI features (including Copilot). Assess where sensitive data lives, who can access what, and how AI tools interact with your security posture. Identify misconfigurations and gaps against Cyber Essentials, ISO 27001 Annex A, DSPT, and public-sector security standards. Deliver a prioritized remediation roadmap with a practical Copilot governance baseline.
Who it's for:
SMEs on Microsoft 365 working towards Cyber Essentials, ISO 27001, DSPT, or public-sector contracts, including organizations deploying or piloting M365 Copilot and AI features
What you get:
- Review of identity (MFA, admin roles, conditional access), email, collaboration, devices, and AI features
- Assessment of Copilot and AI tool configurations, data exposure risks, and sharing settings
- Alignment with Cyber Essentials, ISO 27001 Annex A, and public-sector expectations
- Copilot governance model recommendations (who approves what, in which areas)
- Prioritised M365 Security Action Plan (do now / next / later)
Deliverables:
M365 Findings Report (10-15 pages) covering security posture and AI/Copilot risks, Copilot Governance Baseline, Configuration Change Checklist, Action Plan, optional IT/MSP handover call
Public-Sector & Supplier Readiness (UK)
Win and keep UK public-sector contracts. From Cyber Essentials to NHS DSPT and defence supplier assurance.
Public Sector Readiness Scan
Scope:
Fast assessment of your organization's security posture against UK public-sector requirements. Compare current controls against Cyber Essentials, NHS DSPT, and government supplier assurance standards. Identify bid-critical gaps and create a rapid remediation plan.
Who it's for:
SMEs bidding for UK public-sector work who need a quick view of security posture vs requirements
What you get:
- Clear view of current setup vs Cyber Essentials, DSPT, supplier assurance
- Prioritised actions grouped by urgency (do now / next / later)
- Realistic options for bid-critical security improvements
Deliverables:
Public-Sector Security Readiness Report (5-7 pages), optional debrief call
Cyber Essentials Readiness & Implementation Support
Scope:
Complete preparation for Cyber Essentials certification. Pre-assess your controls against all CE requirements (firewalls, secure configuration, access control, malware protection, patch management). Create a technical implementation roadmap and provide questionnaire completion support to pass first time.
Who it's for:
SMEs needing Cyber Essentials for government contracts without trial-and-error submissions
What you get:
- Pre-assessment against CE control requirements (firewalls, config, access, malware, patching)
- Implementation action plan for IT/MSP with specific technical changes
- Questionnaire support pack with draft answers and evidence list
Deliverables:
Pre-Assessment Report, Implementation Plan, Questionnaire Support Pack
NHS Data Security & Protection Toolkit (DSPT)
Scope:
End-to-end support for NHS Data Security and Protection Toolkit compliance. Map your current controls against all DSPT assertions, identify gaps, implement required evidence, and prepare portal submission materials to achieve annual "Standards Met" status.
Who it's for:
SMEs with NHS patient data access needing to achieve "Standards Met" annually
What you get:
- Structured route to "Standards Met" with clear DSPT assertion mapping
- Gap analysis and action plan with owners and target dates
- Draft portal answers and evidence references for NHS DSPT submission
Deliverables:
DSPT Gap Analysis, Action Plan, Response Pack for portal entry
AI Governance & Security
Adopt AI securely and responsibly. Meet ISO 27001, GDPR, and the evolving EU/UK regulatory landscape.
AI Readiness & Risk Assessment
Scope:
Review how your organisation is using - or plans to use - AI tools (M365 Copilot, Azure OpenAI, SaaS AI such as ChatGPT, CRM/HR integrations). Map use cases, data flows and dependencies; assess risks across security, privacy, IP, compliance and vendor risk; and prioritise actions so you can move forward safely without killing the business case.
Who it's for:
- SMEs and scale-ups already experimenting with AI tools but worried about "shadow AI" and data leakage
- Organisations under pressure from customers/boards to show AI is being used in a controlled, compliant way
- Teams planning an AI roll-out and wanting a structured, defensible risk view before committing
What you get:
- A clear picture of where AI is (or will be) used, which data is touched, and where the real risks sit
- A prioritised, realistic action plan that fits your size and maturity
- Talking points and evidence for internal stakeholders, customers and auditors
Deliverables:
- AI use-case and data-flow inventory (lightweight but structured)
- Risk assessment covering security, privacy, IP, regulatory and vendor aspects
- Prioritised action plan with "must do now / should do / nice to have" split
- Executive summary slide/briefing you can reuse with your board or customers
- Optional: short live walk-through session with Q&A
Secure AI Use Policy & Control Framework
Scope:
Design a practical AI acceptable-use policy and a lightweight control framework tailored to your organisation. This covers who can use which AI tools, for what purposes, with which data; and what technical and process controls you should have in place (access, logging, approvals, vendor checks). Focus is on governance and security of AI use, not on building or auditing ML models.
Who it's for:
- SMEs and scale-ups already using AI tools but with no clear rules in place
- Organisations asked by customers or auditors for "AI policy" and governance evidence
- Tech and product teams wanting guardrails rather than blanket bans
What you get:
- A clear, enforceable AI policy written in language staff can actually understand
- A minimum set of controls (technical and process) aligned with your existing security/compliance posture
- A documented basis for future AI risk assessments, DPIAs and customer responses
Deliverables:
- AI Acceptable Use Policy tailored to your organisation and existing policies
- Compact AI Governance & Control Framework (roles, approvals, monitoring, vendor review expectations)
- Implementation notes: how to roll out, train staff and embed the controls
- Optional: one short training/awareness session for key teams
Package Bundles
Combined services for specific public-sector compliance needs. Fast, practical, defensible.
Bid Essentials
Scope:
Fast-track package for SMEs starting their public-sector bidding journey.
Who it's for:
SMEs beginning to bid for UK public-sector work needing a clear path to Cyber Essentials
Includes:
- Public-Sector Security Readiness Scan
- Cyber Essentials Readiness & Implementation Support - Light
Deliverables:
Readiness Report, CE Light Checklist with action list, optional debrief call
Cybersecurity Essentials
Scope:
Comprehensive package combining security health check, ISO 27001 readiness, and full Cyber Essentials support.
Who it's for:
SMEs building foundational cybersecurity with ISO 27001 and Cyber Essentials requirements
Includes:
- Security Health Check
- ISO 27001 Readiness Assessment
- Cyber Essentials Readiness & Implementation Support - Full
Deliverables:
Security Health Report, ISO 27001 Gap Analysis, CE Pre-Assessment, Implementation Plan, CE draft answers
Health & NHS Ready
Scope:
End-to-end NHS DSPT compliance package with Cyber Essentials foundation.
Who it's for:
SMEs supplying to NHS or health-sector needing DSPT "Standards Met"
Includes:
- Public-Sector Security Readiness Scan - Health-Focused
- NHS DSP Toolkit (DSPT) & Health-Sector Security Support
- Cyber Essentials Readiness & Implementation Support - Light (optional)
Deliverables:
Health-Focused Readiness Report, DSPT Gap Analysis, Action Plan, Response Pack, optional CE checklist