Cyber security in practice.
Right first time.

Tailored support to help you take control of your cyber security programme.

Introducing our Cyber Security Programme Support services.

CRMG can help you implement and maintain the building blocks of your risk-based cyber security programme via a range of tailored support services.

Our focus is on helping you ensure your cyber security governance arrangements reflect your true risk profile, while being actionable and achievable.

We’ll put together a custom support package that matches your specific needs, ensuring maximum value for money.

Realistic, risk-based
cyber security strategy

Cyber security policy & standards

Cyber threat scenarios
and ‘war gaming’

Cyber security assurance
& ISO 27001 certification

Data protection support

Staff placements
‘as a service’

Ready to discuss the detail? Speak to an expert.

Speak To An Expert



Cyber Security Strategy

A realistic, risk-based strategy is fundamental to any organisation’s cyber security capability. Via our Cyber Security Programme Accelerator, we’ll work with you to shape a cyber security strategy that sets the right tone from the top and turns your cyber security programme into a genuine business enabler.

Cyber Security Policy & Standards

Straightforward, easy-to-follow policies and standards provide the common language and guidance by which an organisation can convert its cyber security strategy into consistent reality.

We’ll work closely with you to produce a cyber security policy that sets out in detail exactly what is expected of the business, whilst aligning with your organisational culture and appetite for risk.

Cyber Security Assurance and ISO 27001 Certification

We’ll help you identify the right assessment framework for you — ISO 27001, the NIST Cyber Security Framework or any other recognised standard — and then undertake a gap assessment that produces helpful insights and sensible recommendations for gradual improvement.

If full ISO 27001 certification is right for you, we’ll guide you through the process, working with our certification partner to ensure everything goes smoothly. Where necessary, we can also support your internal/external audit team to implement an ongoing cyber assurance & audit programme.

Cyber Exercises

CRMG will build a realistic cyber threat scenario to which key staff will be asked to respond in real-time in a ‘war game’ setting, stress-testing your organisation’s cyber resilience. 

The aim is to assess management’s ability to invoke the business continuity and crisis management mechanisms you’ll already have developed, and to make rational decisions on the fly that minimise adverse impact. 

Once completed we’ll provide a full review, flagging areas for remediation that can be integrated into your improvement plans. 

Data Protection Support

Protection of personal data about individuals — whether customers, suppliers, partners or staff — is not something you can risk getting wrong. 

Our data protection experts will help you identify which data protection and privacy-related regulations (such as GDPR) apply in your organisation and assess how well they are currently being met. 

We’ll then deliver an improvement plan that maps out each step you need to take to achieve ongoing compliance.

Staff Placements ‘as a service’

Finding the right individual to lead a new or evolving cyber security programme isn’t easy. They’ll need to hold their own with senior management, but also be able to grapple with the details of a risk-based cyber security programme. 

CRMG can provide the right people at the right time, on an ‘as a service’ basis.

Our vast operational experience and diverse industry contacts mean we can deliver experienced, qualified, senior cyber security professionals who can hit the ground running.

Staff Training

We’re experts in training and knowledge transfer. Once we’ve worked with you to develop or improve your cyber security programme, we can also equip your staff to deliver and maintain it into the future.

Example programmes include:


Information risk management fundamentals.

Risk assessment in practice (including core elements such as Business Impact Assessment, Threat and Vulnerability Profiling and Risk Treatment).

Translating security policy into practice.

Ongoing cyber security controls assessment for audit teams.

Managing information risk in supplier relationships.

Our services help organisations of all sizes maintain a risk-based cyber security programme over the long-term.

If you’re ready to get started, set up a call with one of our expert advisors today.