We advise chief information officers, information security officers, boards of directors, and IT and risk management departments.

Our work is grounded in a wealth of experience in security and compliance for companies and governments at the highest levels. We tailor our approach to each project in close consultation with our clients and avoid a one-size-fits-all solution.


Our team have a diverse set of skills from varied industries. From former Chief Information Security Officers of multinationals to former system administrators and governance specialists, we ensure that each project has the right team with relevant and in-depth industry expertise.


Our reporting is accessible to employees at all levels of organisations. We clearly explain security issues by utilising language that is appropriate for the intended audience. We avoid jargon and contextualise security issues by benchmarking against industry peers.


We leverage our global network and adapt our responses in line with clients’ needs. Wherever possible, we work with clients’ existing security infrastructure and avoid re-inventing the wheel to provide practical advice that assists our clients in improving their security as quickly and efficiently as possible.


Together with market-leading partners, we provide easy-to-use platforms that simplify and consolidate security processes.

Our consultants work with leading organisations to assess their people, processes and technology against industry-leading standards and regulations.

We use proven methodologies and easy-to-read reporting to provide a clear assessment of compliance with regulations and other security requirements.
We provide actionable recommendations and roadmaps to reduce our clients’ cyber risks and align them with leading governance standards.


We provide security risk assessment services to businesses of all sizes, ranging from small family offices to large corporations. We serve a wide variety of industries, some of which include oil and gas, financial services, legal services, professional services and critical national infrastructure.

We strive to provide quality reporting, client focus and a combination of strong technical and governance expertise to help our clients improve their security posture.


Level 1: Cyber Essentials
  • Guidance through the UK government-backed Cyber Essentials certification process
  • Full Cyber Essentials certification upon completion
Level 2: Information Security Controls Gap Assessment
  • Identifies high-level security gaps in your organisation’s security controls based on applicable best practices
  • Benchmarks your cyber security profile against your peers
  • Breaks down the key vulnerabilities associated with the identified gaps
  • Provides recommendations for resolving identified issues
Level 3: Information Security Risk Assessments
  • Identifies the critical information assets within your organisation
  • Evaluates the threat profile of your organisation
  • Evaluates your cyber security posture against industry best practices
  • Benchmarks your cyber security profile against your peers
  • Identifies vulnerabilities in your cyber security strategy
  • Assesses the likelihood and impact of identified threats
  • Identifies risks in the context of your risk appetite
  • Provides recommendations to improve your security
  • Provides a management report and risk register for tracking remediation efforts

Regulations & Standards

Our assessment services extend to security and data privacy regulations and security standards, enabling our clients to understand their readiness in preparing for and meeting the requirements associated with:

  • The EU General Data Protection Regulation (GDPR)
  • The New York Department of Financial Services Cyber Security Regulation (NYDFS)
  • ISO27001
  • NIST 800-53/Cyber Security Framework (CSF)

We support clients in driving their remediation programmes and effectively implementing the controls required by regulations and security standards.


We provide technical support, security awareness training and staff augmentation to help organisations implement risk mitigation strategies. These services include:

  • Vulnerability scanning & patch management
  • Social engineering testing (Phishing; Vishing)
  • Policy and procedure development
  • Vendor risk management
  • Device hardening
  • Privacy advisory

Regulatory & compliance support

We provide the additional resources and knowledge required to implement the changes needed to achieve compliance with security standards and regulations.

GDPR introduces some subtle and some considerable departures from existing data privacy regulation. It seeks to harmonise the approach to privacy across Europe and imposes increased accountability on both controllers and processors for the protection of personal data.

S-RM has designed a best practice approach to help firms make the journey to compliance with GDPR. Our technology-enabled GDPR project methodology helps firms take an efficient and time-sensitive approach to GDPR, whilst focusing on continuous education of employees and business decision-makers.

We provide specialist advice and support to firms looking to achieve compliance with the GDPR. S-RM’s GDPR-certified practitioners have expertise working with companies from a variety of industries, taking them from the first steps of understanding their data landscape and classifications, through to implementing new policies and procedures and building a privacy-conscious culture throughout the organisation.

S-RM’s GDPR compliance projects range from company-wide GDPR programme design and delivery to strategic gap assessments and existing policy review. We also perform assurance audits of completed and in-progress GDPR projects.


  • Employee awareness and training programmes
  • Project design and engagement planning
  • Data mapping and gap assessment
  • Project review and remediation programmes
  • Ongoing support and regulatory monitoring
  • Crisis management and incident response


S-RM’s consultants have many years’ experience managing complex regulatory change projects across a variety of jurisdictions. We focus on explaining technical terms in simple language, ensuring employees are fully aware of their responsibilities under GDPR.

Our technology-driven, consultancy-led approach to GDPR projects is proven to deliver considerable efficiencies at every stage of the work. We work with market-leading software providers who have a singular focus on helping organisations looking to achieve compliance.


S-RM’s Cyber Security Team advise and collaborate with senior legal and IT stakeholders to design sustainable data protection strategies and enterprise-wide cyber risk prevention programmes.

We have invested significantly in screening and configuring appropriate software support tools to drive efficiencies and reduce overall project costs, saving our clients both time and money.

S-RM & MetaCompliance | ‘GDPR for Dummies’ London Roadshow

Watch the video: S-RM and MetaCompliance share practical advice and insights from their combined experience working with global organisations, to help you effectively prepare for GDPR.

For further information, or to discuss the implications of GDPR for your business, please contact us.