Cybersecurity frameworks

The Cybersecurity practice covers the standards, regulations and maturity models firms use to assess a client's security posture, resilience and compliance. It spans 13 frameworks — from global standards like SOC 2, ISO/IEC 27001 and NIST CSF 2.0 to UK-specific schemes such as Cyber Essentials, the NCSC CAF and the NHS DSPT. Each runs as a structured, evidence-based assessment that scores the client on the framework's own scale and ranks the gaps to close.

| Framework | Type | Use it when |
| --- | --- | --- |
| SOC 2 | Standard | Preparing for a SOC 2 Type I or Type II audit |
| ISO/IEC 27001 ISMS Readiness | Standard | Gauging ISMS readiness before certification |
| NIST CSF 2.0 | Standard | Baselining posture across the six CSF functions |
| PCI DSS v4.0 | Standard | Securing cardholder data ahead of a QSA or SAQ |
| CIS Controls v8 | Standard | Benchmarking the 18 prioritised safeguards |
| Zero Trust (CISA ZTMM) | Model | Rating zero-trust maturity across the five pillars |
| Cyber Essentials (NCSC) | Standard · UK | Checking readiness before Cyber Essentials certification |
| NCSC Cyber Assessment Framework (CAF) | Standard · UK | Assessing resilience of NIS-regulated services |
| NHS Data Security & Protection Toolkit (DSPT) | Standard · UK | Preparing the annual NHS DSPT submission |
| ISO/IEC 27701 Privacy Information Management | Standard | Extending an ISMS to privacy (PIMS) |
| ISO 22301 Business Continuity | Standard | Gauging BCMS readiness against ISO 22301 |
| OWASP SAMM | Model | Benchmarking software-assurance maturity |
| Third-Party & Supply-Chain Risk | Model | Assessing vendor and supply-chain cyber risk |

How these assessments work

Every framework in this library runs the same way: evidence in, scored on the standard's own scale, board-ready out. See Assessments Overview and Choosing a framework.