Information Security Services
Most organisations don’t know what they don’t know about their information security. A single gap in a policy, a process, or a staff habit, can expose you to regulatory penalties, reputational damage, or worse. We help you find those gaps before someone else does.
Our assessments are designed as a practical starting point: they help identify your current risks, gaps and priorities, so we can then support you with proportionate improvements, documentation, staff awareness and ongoing governance.
All assessments are expert-reviewed. Findings are always delivered in plain language that everyone can understand.
Designed for charities, housing and care providers, clinics, therapists, coaches and wellbeing services that handle sensitive client, staff or referral information and need practical information security assurance without technical overwhelm.
Assess, improve, evidence and maintain
Our assessment tiers are designed as a progression, each builds on the last, adding depth, verification, and a more complete picture. Many clients start with the free assessment, so they can make an informed decision about what to do next.
Free
Information Security Assessment + RAG Report
Start Here , No Cost, No Commitment
Get a clear, colour-coded snapshot of where your organisation stands. Our initial assessment covers the core pillars of information security and produces a Red/Amber/Green summary report, so you can see at a glance what needs attention, and what doesn’t.
No obligation. No sales call attached.
Ideal for: Organisations that aren’t sure where to begin, or need a defensible starting point before investing further.
£399
Expert-Reviewed Full Report
Your Assessment, Professionally Evaluated
Your RAG summary expanded into a full written report, reviewed by one of our information security practitioners. Suitable for sharing with boards or senior leadership as an initial position statement.
At this stage the report reflects your own inputs, it hasn’t yet been tested against your documents or verified through follow-up. It’s the right starting point, not the final word.
Ideal for: Organisations that need something structured and professionally reviewed to act on or present internally. Builds directly on the free assessment.
£799
Governance & Policy Review
Tested Against Your Documents and Reality
Everything in the full report, plus a structured review of up to three of your documents, policies, procedures, contracts, or similar, and a targeted follow-up briefing session. The briefing and document review feed directly back into an enhanced report, making it materially more complete and reliable than the £399 version.
Deliberately non-technical, designed to be understood and acted on by non-specialists.
Ideal for: SMEs, charities, or professional services firms that need a credible, board-ready view of their information security position without a deep technical infrastructure dive.
£3,490
Comprehensive Review
Fully Evidenced, Independently Verified
Our most thorough tier. In addition to everything in the Governance & Policy Review, we conduct a staff survey, a technical controls questionnaire with structured follow-up and verification briefing, cross-referencing findings across people, policies, and practice. The result is a fully evidenced assessment that carries a level of credibility the earlier tiers, by design, cannot.
The most complete picture we can give you, and the most complete picture you can present to others.
Ideal for: Organisations preparing for a major contract tender, those handling sensitive data at scale, or any business that wants a thorough, defensible account of where they stand.
Quote on Request
Implementation & Ongoing Support
From Assessment to Action
Knowing your gaps is only half the job. We can help you close them, whether that means a single piece of policy work or a broader programme. Every engagement is scoped individually with a fixed quote before any work begins.
Services include:
- Data mapping, asset mapping, and information flow review
- DPIA and data protection risk assessment support
- Technical controls review
- Incident response plan development
- Incident review and lessons-learned support
- Supplier and third-party risk assessment frameworks
- Cybersecurity and information security policy development
- Policy and procedure drafting or rewriting
- Staff awareness and information security training
- Access control and user account review
- Records management and retention review
- Backup, recovery, and business continuity planning
- Board and leadership information security briefings
- Information security improvement roadmap development
- Ongoing information security advisory retainer
What a Client Journey Looks Like
“They came to us not entirely sure what their information security exposure looked like. The free assessment cost them nothing and took less than half an hour. The RAG report prompted some internal conversation. Six weeks later they commissioned a Comprehensive Review. The findings fed directly into a programme of policy work and staff training. Twelve months on and they were in a measurably better position, with the documentation to prove it.”
We can be with you at every stage of that journey, or just one, if that’s what you need.
