Compliance audits and security testing — under one roof.
Seventeen services delivered by the same practitioners who hold the credentials we sell against. PCI SSC-listed QSAC, ISO 27001 / 9001 certified, Cyber Essentials Plus. Nine compliance, eight security — scoped per engagement.

Audit-defensible compliance work.
Independently verifiable, methodology drawn from PCI SSC, ISO/IEC, ICO and CSA published references.
PCI DSS
UK Qualified Security Assessor Company. Fixed-fee PCI DSS audits, gap assessments, and ROC/AOC delivery for merchants, acquirers, and service providers.
ASV Scanning
Quarterly PCI Approved Scanning Vendor scans managed in partnership with a PCI SSC ASV. QSAC-led scope, findings triage, and AOSC delivery.
ISO 27001
End-to-end ISO/IEC 27001:2022 ISMS implementation, internal audits, and Stage 1 / Stage 2 certification support. UK lead auditors, fixed-fee scoping.
SOC 2
SOC 2 Type 2 readiness and attestation support — AICPA Trust Services Criteria, control design, evidence collection. Delivered with an AICPA-licensed CPA partner.
NIS-CAF
CAF v3.2 assessments for UK Operators of Essential Services and Relevant Digital Service Providers. Four objectives scored, regulator-ready uplift plan.
SWIFT CSP
Independent SWIFT Customer Security Programme assessments and KYC-SA submissions. Architecture mapping, CSCF control testing, annual attestation.
Data Privacy / GDPR
ICO-aligned UK GDPR consultancy. Data mapping, DPIAs, policy work, breach response, and DPO-as-a-Service for organisations across the UK and EU.
HIPAA
HIPAA Security Rule risk analysis, safeguards review, and Business Associate Agreement support for UK service providers to US Covered Entities.
GRC
One cybersecurity programme aligned to multiple frameworks — NIST CSF 2.0, ISO 27001:2022, CIS Controls v8, SOC 2. Strategy, policy, risk register, vendor risk.
Practitioner-led security delivery.
CREST-aligned testing, in-house SOC, four-hour IR retainer and CISO-bench leadership for boards that need it.
Penetration Testing
CREST-aligned Penetration Testing scoped to your environment. Web, infrastructure, cloud, mobile and wireless tests. Methodology drawn from OWASP, NIST and CREST DPT.
SOC as a Service
Group-operated SOC providing SIEM, network monitoring, threat detection, incident response and managed EDR. In-house, 24×7/365, delivered through SOC365 Services, our 24×7 managed SOC capability.
Security Incident Response
Six-stage incident response aligned to NIST SP 800-61r3 and NCSC guidance. Retainer customers get a four-hour first response. Ransomware, BEC, insider threats, data-breach response.
Secure Payment Solutions
Build payment systems that pass PCI DSS 4.0.1. Architecture review, P2PE solution selection, tokenisation design, scope-reduction work — delivered by our QSAC team.
Business Continuity & DR
BIA, RTO/RPO definition, plan authoring, tabletop exercises and review cycles. Aligned to ISO 22301:2019 and ISO/IEC 27031:2025 ICT readiness guidance.
OT Cyber Security
OT and ICS cyber security for UK manufacturers, utilities and infrastructure operators. Risk assessment, segmentation, monitoring, IR planning. Aligned to IEC 62443 and NIST SP 800-82r3.
SMB Security Assessment
Right-sized security for UK small and medium businesses. We deliver Cyber Essentials and Cyber Essentials Plus directly, plus targeted assessments and remediation.
vCISO
Strategy, governance, risk and board reporting from a CISO bench with 30+ years’ combined experience. Standard engagements run Monday–Friday business hours, scoped per programme.
Not sure which one you need?
30-minute scoping call. No commitment. Output is a written scope draft against the right service.