Cybersecurity frameworks
The Cybersecurity practice covers the standards, regulations and maturity models firms use to assess a client's security posture, resilience and compliance. It spans 13 frameworks — from global standards like SOC 2, ISO/IEC 27001 and NIST CSF 2.0 to UK-specific schemes such as Cyber Essentials, the NCSC CAF and the NHS DSPT. Each runs as a structured, evidence-based assessment that scores the client on the framework's own scale and ranks the gaps to close.
| Framework | Type | Use it when |
|---|---|---|
| SOC 2 | Standard | Preparing for a SOC 2 Type I or Type II audit |
| ISO/IEC 27001 ISMS Readiness | Standard | Gauging ISMS readiness before certification |
| NIST CSF 2.0 | Standard | Baselining posture across the six CSF functions |
| PCI DSS v4.0 | Standard | Securing cardholder data ahead of a QSA or SAQ |
| CIS Controls v8 | Standard | Benchmarking the 18 prioritised safeguards |
| Zero Trust (CISA ZTMM) | Model | Rating zero-trust maturity across the five pillars |
| Cyber Essentials (NCSC) | Standard · UK | Checking readiness before Cyber Essentials certification |
| NCSC Cyber Assessment Framework (CAF) | Standard · UK | Assessing resilience of NIS-regulated services |
| NHS Data Security & Protection Toolkit (DSPT) | Standard · UK | Preparing the annual NHS DSPT submission |
| ISO/IEC 27701 Privacy Information Management | Standard | Extending an ISMS to privacy (PIMS) |
| ISO 22301 Business Continuity | Standard | Gauging BCMS readiness against ISO 22301 |
| OWASP SAMM | Model | Benchmarking software-assurance maturity |
| Third-Party & Supply-Chain Risk | Model | Assessing vendor and supply-chain cyber risk |
How these assessments work
Every framework in this library runs the same way: evidence goes in, the client is scored on the standard's own scale, and board-ready results come out. See Assessments Overview and Choosing a framework.