Cyber Essentials, ISO 27001, GDPR, and the rules your sector enforces, turned from a daunting checklist into a clear, prioritised path with the policies and evidence to back it up. Guided by a team that is UKAS accredited for ISO 27001 and 9001, and a Cyber Essentials certification body in its own right.
Compliance readiness is the work that comes before any assessment. We help you work out which standards and obligations actually apply to your organisation, measure where you stand against them, and put the controls, policies, and evidence in place so that when an auditor, insurer, or prime contractor asks, the proof is already in order. We do not guarantee you pass, because no honest partner can. We make sure you are genuinely ready when the question comes.
Most organisations do not need everything. We help you work out which of these apply, then get you ready for the ones that do, in the order that makes sense.
The UK government-backed scheme that protects against the most common opportunistic attacks. Affordable, quick, and recognised by insurers and buyers. The cleanest place to start for most businesses.
The international standard for an information security management system. The proof larger clients and regulators look for, built and run over time rather than achieved once. We run it ourselves and are UKAS accredited.
The obligations every organisation handling personal data carries. We assess where you stand, put the policies and technical measures in place, and make sure you can answer a data subject access request or a regulator's question.
The rules your own regulator enforces, from FCA systems and controls to the NHS Data Security and Protection Toolkit, plus PCI DSS where you handle card payments. We map your obligations to your sector and get you ready for them.
Most of the difficulty in compliance is not the work itself; it is knowing which work is yours to do. The honest starting point is almost always the contract, the regulator, or the insurer asking the question, because the answer is usually written down somewhere if you read it carefully.
The good news is that the work compounds. The technical basics behind Cyber Essentials feed directly into ISO 27001, and the policies and evidence you build for one standard support the others. Getting ready in a sensible order means very little effort is wasted. If you are stuck on the Cyber Essentials versus ISO 27001 question specifically, our guide on which one your business actually needs walks through it in detail.
No thousand-page export, no scramble the week before an assessment. A short, structured process that leaves you genuinely prepared and holding the evidence.
A readiness assessment of where you stand against the standards that apply, with the starting position recorded so progress is demonstrable later.
A clear, ranked plan that closes the highest-risk gaps first, scoped to what your organisation actually needs rather than a generic template.
We develop the policies and procedures, put the technical controls in place, and operate them, documenting what was done as part of running the technology.
We package the evidence mapped to the certification or framework and support you through the assessment itself, whether that is a Cyber Essentials submission or an ISO 27001 audit.
Being ready for an assessment means the controls are real and the evidence reflects them. That is why the same team that gets you ready also runs and secures the technology underneath.
The controls behind the evidence. Cyber Essentials, ISO 27001, monitoring, and incident response, run by a certified team. The security we get you ready to prove is the security we put in place.
Document it
Readiness needs policies that hold up under scrutiny, not templates that fall apart on the first question. Our policy frameworks service builds the documented backbone every standard expects.
Compliance readiness is part of our governance and audit work. Once you are certified, audit and assurance keeps the evidence current between assessments, and if the Cyber Assessment Framework is one of your obligations, CAF alignment maps your position against it. Heavily regulated organisations, including those in the defence and aerospace supply chain, usually need several of these together.
Start with what is being asked of you. A contract, a regulator, or an insurer usually names the standard, and GDPR applies to anyone handling personal data. We run a short readiness assessment that maps your obligations to your sector and your contracts, so you are not getting ready for things that do not apply to you, or missing things that do.
It is not always mandatory, but it is increasingly expected, and many professional indemnity insurers now ask for it. It is also a sensible baseline in its own right, because it closes off the most common attacks. For most organisations it is the right first step, and the work behind it feeds into ISO 27001 later if you need that too.
Certified means an accredited body has audited you and issued a certificate. Aligned, or equivalent, means you work to the standard without holding the certificate. The distinction matters, because a contract that asks for ISO 27001 certified is asking for something different from one that accepts alignment. We help you answer the question that was actually asked, and never claim certification you do not hold.
You should have documented evidence ready: your policies, your security configurations, your audit logs, and your certification evidence. The whole point of readiness is that the proof exists before the question is asked. We help you assemble and maintain that evidence so a regulator's enquiry is a matter of producing a pack, not starting a project.
Yes. We can take you from gap analysis through to certification, then run and secure the technology behind it as part of our cyber security and managed services. Because one accountable team both operates the controls and evidences them, the proof stays accurate over time rather than drifting away from reality between audits.
Tell us what you are being asked to demonstrate, and we will tell you plainly which standards apply, what it takes, and where to start. We reply within one working day, and you will speak to an engineer, not a salesperson.