Insights / Latest
Writing worth your time.
Every piece attaches to one of our four disciplines and is written or reviewed by a named expert. These are the questions our clients actually ask, answered the way we would answer them across the table.
Featured / Cornerstone
Cyber Security · Defence supply chain
Cyber Essentials for defence suppliers: Def Stan 05-138 and DEFCON 658
If you sell into the defence supply chain, the acronyms arrive fast: Def Stan 05-138, the Cyber Security Model, DEFCON 658. Here is what each one actually asks of you, where Cyber Essentials and ISO 27001 fit, and the path for a tier-2 or tier-3 supplier, written by someone who has walked suppliers through it.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 28 May 2026 · 11 min read
Cyber Security · Certification
How to prepare for Cyber Essentials Plus
The five controls, what the assessor looks at on the day, and the things that quietly trip firms up at the audited tier. We are a certification body, so this is the view from the other side of the desk, and how to be ready for it.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 26 May 2026 · 8 min read
Cyber Security · Certification
Why businesses fail Cyber Essentials Plus, and how to pass first time
Most failures are predictable: an unpatched VPN, a missing MFA prompt, daily work done as a local administrator. The real reasons firms fail the audited tier, and how to clear each one before the assessor arrives.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 23 May 2026 · 7 min read
Governance · Pricing guide
How much does ISO 27001 cost?
What actually drives the figure: your size and scope, your current maturity, the certification body's fees, and the internal effort nobody quotes for. A plain breakdown, with indicative ranges and where the money really goes.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 21 May 2026 · 8 min read
Managed IT · Pricing guide
How much does business backup and disaster recovery cost?
What drives the price: how much data, cloud or on-premise, whether your Microsoft 365 is covered, and how fast you need to be back. A plain guide to the models and what good looks like, with indicative ranges.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 19 May 2026 · 7 min read
Governance · Frameworks
The Cyber Assessment Framework self-assessment, a practical guide
The CAF's four objectives, A to D, in language a board can follow. How a self-assessment actually works, where it overlaps with ISO 27001, and how to turn a daunting framework into a short list of things to do next.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 16 May 2026 · 9 min read
Software and AI · AI governance
How to stop staff leaking data to ChatGPT and AI tools
Staff are pasting client data, code and contracts into public AI tools right now. What actually works to stop it: an acceptable use policy with teeth, sanctioned tools with data controls, Microsoft 365 DLP, and training that sticks.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 14 May 2026 · 8 min read
Managed IT · Pricing guide
How much should managed IT cost? A plain guide to UK pricing models
UK managed IT runs from about £40 to £150 per user a month. A plain guide to the pricing models, what really drives the figure, and the hidden costs to check before you compare two quotes.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 12 May 2026 · 8 min read
Cyber Security · Comparison
Cyber Essentials or ISO 27001: which does your contract actually need?
They are not rivals, and you may need both. A side-by-side look at what each one proves, what it costs in time and money, and how to read the clause in your contract that decides it for you.
Daniel McClure Fisher, Founder and Principal Consultant
CISSP, MCIIS · 30 April 2026 · 9 min read