Supporting you in a complex cyber threat landscape

Our team of experienced risk consultants can work with you at each step of your cyber maturity journey. Whether your organisation is at the start of that journey, conducting evaluations and assessments of your assets, or is enhancing an already strong cyber strategy with increased awareness and training, IRM have a wide range of consultancy services to offer.

Compliance and Audit

Our consultants have years of experience with all the complex requirements surrounding areas such as EU GDPR, PCI Data Security Standard, ISO 27001:2013. We help organisations capitalise on digital opportunities whilst meeting compliance standards and mitigating potential risks.

Why choose IRM? We are not tick-box exercise auditors. We understand the threat landscape, risk appetite and bespoke requirements of our organisations to ensure a tailored solution can help them achieve their risk management goals. Learn more about each of our compliance and audit services below.


As one of the UK’s leading Qualified Security Assessor Companies, IRM leverage considerable expertise to ensure our merchant clients follow a simplified and cost-effective road to compliance.

As the co-author of the award winning Barclaycard Risk Reduction Programme, we are also able to help clients adopt a proportionate and risk based approach to compliance.

With our PCI QSA service, you will get a scoping workshop, pre-assessment and training, gap analysis, a PCI remediation programme plan and a final compliance assessment and report.

⇒ Contact us about our PCI services

EU GDPR Compliance

IRM’s assessment service helps businesses ensure they are maintaining GDPR compliance, making informed decisions to allocate financial and personnel resources, implementing proportionate measures whilst ultimately, avoiding financial penalties and regulatory damage.

With the GDPR consultancy service, you will receive a Privacy Impact Assessment (PIA) to help define any data protection issues, as well as a Business Focused Risk Assessment, allowing you to understand how your personal identifiable information is processed and identify any shortfalls.

⇒ Contact us about our GDPR services

CPNI Control Assessment

These controls help prioritise efforts to defend against the current most common and damaging computer and network attacks. IRM’s assessment service has been designed to provide your organisation with its present and desired state of maturity against the Critical Security Controls.

Our CPNI Control Assessment will support you in defining a baseline of high-priority technical measures and activities to implement to enhance your organisation’s cyber defence.

⇒ Contact us about our CPNI Control Assessments

ISO 27001 Certification

ISO 27001 has evolved over many years and is recognised as ‘the best’ standard. Via the provision of a framework for the development of a company specific Information Security Management Systems (ISMS), the standard clearly sets out how to address and manage the information requirements of confidentiality, integrity, and availability of information.

With our ISO 27001 consultancy support, you will receive a gap analysis report and scorecard. This will assess where the organisation is aligned with the standard and will highlight the gaps you need to fill in order to fully meet the IS0 27001 requirements.

Contact us about Certification 

Data Discovery and Evaluation

Our research shows that up to 70% of organisations haven’t valued the data they keep. To combat this issue, IRM offer a range of services to allow you to understand what data and information you have, what it’s worth to your business and what level of expenditure can be justified to protect it.

IRM will review current asset registers, or create unidentified information assets, and give these assets a number of values based on real intelligence and knowledge of your organisation.

As part of the process in discovering your information and data assets, IRM will identify and engage with key personnel to document existing business processes and the assets involved in that process. This in turn will support you in creating and maintaining an Information Asset Register, a key requirement of the GDPR.

⇒ Contact us about Asset Discovery and Evaluation

Threat and Vulnerability Assessment

Threats are described as anything that would contribute to the Confidentiality, Integrity or Availability of an informational asset. Vulnerabilities describe how the threat could be realised.

All organisations are susceptible to numerous threats and vulnerabilities but very few know where they are susceptible. IRM offers as service to conduct a cyber risk assessment to identify and asset the threats and vulnerabilities.

Our assessment involves determining the potential threat actor’s capabilities, motivation and resources, helping you to gain a comprehensive understanding of your cyber risks.

⇒ Contact us about Threat and Vulnerability assessments

Vendor Management

Organisations are increasingly looking at reducing costs which typically involves outsourcing business functions to service providers or third parties. This process can introduce additional and, sometimes, unintentional risks to both security and operational processes.

IRM offer a managed service to provide a comprehensive assessment of your third parties and the potential risks they contribute to your business operation.

We will design a third party management programme designed to your requirements including security questionnaires and ongoing assurance activities, supported by the use of our SYNERGi GRC platform.

⇒ Contact us about our Vendor Management services


Risk Management

Your business runs a wide range of risk assessments and closely monitors operational risk, yet there is often a lack of consideration for information security. We have all seen the media coverage of high, negative impact breaches – so why aren’t cyber risks reflected on the corporate risk register?

Identifying your data assets, valuing them, assessing the threat and applying a pragmatic risk reduction strategy are fundamental steps to be able to defend them appropriately. Read more about each of our risk management services below.

COVID-19 Business Continuity

The COVID-19 pandemic will continue to impact businesses, so it has never been more important to ensure you have a concrete business continuity plan in place. This plan should aim to protect your people, your processes and your information. Cybersecurity and information security are likely to be at higher risk during a pandemic, but IRM consultants can work with your organisation to help you define and mitigate these risks.

⇒ Contact us about our business continuity services

Cyber Risk Appetite

Your organisation encounters financial, operational, compliance and strategic risks every day in pursuit of growth and customer retention. But has anyone quantified how much cyber risk is acceptable?

Understand, articulate and establish your organisation’s Cyber Risk Appetite. IRM’s cyber risk appetite service is an evolutionary process that ensures proportionate cyber risk management sits at the heart of your business and aligns with your strategy.

You will receive an appetite statement, a cyber risk register to clearly define your risk limits, and a remediation plan to offer expert recommendations on how to re-align your current cyber risk posture.

⇒ Contact us about our Cyber Risk Appetite services

Cybersecurity Risk Assessment

Every single one of your systems, applications, employees and suppliers has the capacity to introduce cyber risk into your business.

Understanding, assessing and quantifying these risks is the first step towards eliminating them. Our cybersecurity risk assessment works with your key stakeholders to understand exactly which information assets should be assessed within your organisation, before investigating, identifying and analysing the vulnerabilities existing within and around them.

You will receive a risk assessment report, a cyber risk register and a treatment plan which sets out recommendations for how to re-align your current cyber risk posture to manage new risks.

⇒ Contact us about our Cybersecurity Risk Assessments

Cloud Computing Risk Assessment

Balance the opportunities vs risks of cloud technology and channels. Cloud computing has unique attributes that require risk assessments in areas such as data integrity, recovery, privacy, e-discovery and regulatory compliance.

Our cloud computing risk assessment provides a rational analysis of your cloud security posture and responsibilities, defined by the cloud provider service and the changing needs of your organisation.

You will receive an extensive cloud risk assessment report and a treatment plan on  how to re-align your current risk posture based on the findings of the assessment.

⇒ Contact us about our Cloud Computing Risk Assessments

Third Party Risk Assessment

The convenience and flexibility of outsourcing third party services comes with significant cyber risks, including regulatory penalties for vendor related incidents.

IRM’s third party assessment service has been created to help your organisation to benchmark your entire third party establishment. Used in collaboration with the Vendor Management module within SYNERGi, IRM is able to cost-effectively assess and implement proportionate and responsible due diligence processes and protocols based on varying levels of risk.

You will receive a risk assessment report about the third party risks in your organisation, a third party risk register and a risk treatment plan.

⇒ Contact us about our Third Party Risk Assessments

Cybersecurity Risk Reporting Framework

If you have to submit regular cybersecurity reports to the Board, Audit or Risk Management Committees – then a Risk Reporting Framework is essential.

The IRM framework is designed to provide guidance and confidence to the Board of Directors with regards to risk management, compliance and information security teams. Each business stakeholder receives contextualised and actionable cyber risk intelligence in order to support proper notification and escalation procedures – ensuring any issues are swiftly resolved.

You will receive a framework tailored to the operation and needs of your organisation and you will gain access to SYNERGi, our GRC SaaS solution which provides real-time reports and dashboards to support your risk requirements.

⇒ Contact us about our Cybersecurity Risk Reporting Frameworks

Get the latest updates & resources

Sign up to our newsletter and get access to all of our resources, security tips and news

Sign up to the newsletter

Complete your details to subscribe to our weekly newsletter.