Cyber security that works for your business, not against your budget

What's included

• 30-minute introductory call
• Straightforward questions about your setup and concerns
• Short written summary of the top three things to address
• Honest advice: if a different route would serve you better, we will say so

There is no sales pitch. If we can help, we will tell you how. If you would be better served elsewhere, we will tell you that too.

What's included

• Remote review of one cloud platform (Microsoft 365 or Google Workspace)
• Key security settings, user accounts, MFA status, sharing controls, and admin access
• Short written findings summary: what is in good shape, what needs attention, and what is a priority
• 20-minute follow-up call to talk through the findings

Delivered within 3 working days. This is a summary review, not a full audit. Clients wanting a more thorough assessment typically move to the Security Health Check.

What's included

• Review of devices, user accounts, access controls, and admin privileges
• Assessment of password and MFA practices
• User account lifecycle review (joiners, movers, and leavers)
• Email security configuration review including anti-spoofing and spam controls
• Written Security Health Check Report with risk ratings (critical, high, medium, and low)
• Prioritised action plan
• Follow-up call to walk through the report and answer questions

Delivered within 5 working days. Covers assessment and reporting only. Remediation is scoped separately or can be carried out under a retainer.

What's included

• Full audit against NCSC and platform security baseline recommendations
• Multi-factor authentication enforced across all user accounts
• Conditional Access or access policies configured based on risk
• Admin roles reviewed and least-privilege principles applied
• External sharing settings reviewed and locked down
• Email security configured: SPF, DKIM, DMARC, anti-phishing, and anti-spoofing
• Alert policies configured for suspicious or unusual activity
• Settings Change Log documenting every change made, provided on completion
• Post-hardening summary report with any outstanding recommendations

Delivered within 3 to 5 working days per platform.

What's included

• Gap analysis against current Cyber Essentials requirements or all 43 DSPT evidence items
• Written gap report: what passes, what fails, what needs to be addressed
• Support drafting or updating required policies and procedures
• Compliance monitoring workbook to track progress and evidence (DSPT)
• Data Processing Agreement drafting for third-party relationships (DSPT)
• Pre-assessment readiness review to confirm you are ready to submit
• Guidance on selecting an appropriate certification body (Cyber Essentials)
• Follow-up call at each stage of the process

Pricing varies by organisation size and complexity. A scoping call is carried out before any work begins to confirm your fixed price.

What's included

• Monthly security check-in covering your environment and recent changes
• Compliance monitoring to keep DSPT or Cyber Essentials position current
• Priority response to security questions and incidents (within 1 working day)
• Incident support: investigation, documentation, and guidance on next steps
• Policy and procedure updates as your organisation or regulations change
• Advice on new digital tools reviewed through a security lens before you commit
• Quarterly security posture review: what has been done, what has changed, what is coming

Retainer pricing confirmed following a scoping call. Additional project work beyond the monthly allocation is agreed and scoped separately.