Just how much is riding on your organisation’s cyber security and information management?
Accessing Exposure

The first step in securing your information is understanding where the vulnerabilities in your organisation lie.


Managing Risks

To bring threats under control you need prioritised solutions rolled out through processes, systems and staff awareness.


Maintaining Standards

Achieving standards helps with approved supplier lists and more. We help with GDPR, IASME, Cyber Essentials and ISO certification.


Our Services

Information security – your choice

For many, ISO27001 will provide evidence that you are taking information security seriously; that your organisation can be trusted to handle customer data; that you can be relied upon to keep trade secrets confidential; that you have what it takes to be an approved supplier or partner; that you protect personal data and comply with GDPR.

Whether you want official recognition of an exemplary track record, or need to ensure that past incidents cannot happen again, ISO/IEC 27001 and related information security standards (including BS-10012) can provide the framework for continuous improvement and measures of achievement that you need.

Some security standards are deemed too heavyweight for many, which is why we are also certified assessors in the new Cyber Essentials Scheme and the IASME Standard (Information Assurance for Small and Medium Enterprise), which includes GPDR readiness.

We provide a range of information security services that range from initial advice through to your security assurance award and beyond:

Security Risk Assessment

We will plan, lead and if necessary resource a comprehensive audit of your information security vulnerabilities. We consider policies, procedures, operations, technology infrastructure and human interactions. read more

Risk Treatment

Once you know where you are most vulnerable, we will help devise the most appropriate measures and prioritise their implementation. For those risks that cannot be cost-effectively eliminated, we will help you plan mitigating actions. read more

Validation and Audit

With the risks properly understood and measures in place to maintain the confidentiality, integrity and availability of your information resources, we will help you obtain the recognition you deserve with validation in advance of full audit. read more

If you would like more information or assistance, no matter what stage you are at, please contact us.

Cyber Essentials

Cyber Essentials

Cyber Essentials is a straight-forward, no nonsense, scheme to help organisations protect themselves against the majority of online attacks. It is applicable to all sizes of organisations, and is particularly useful for small and medium-sized enterprises.

By adopting Cyber Essentials you will demonstrate your committment to securing yourself and your customers through the application of five foundation controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

The Cyber Essentials scheme enables organisations to gain one of two new assessment badges.

  • Cyber Essentials – a self assessment against the five basic controls, independently verified by a qualified assessor.
  • Cyber Essentials PLUS – a higher level of assurance, whereby a qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking attacks.

It is backed by industry including the Federation of Small Businesses, the CBI as well as a number of insurance organisations which are offering incentives for businesses.

To find out more and to discuss your Cyber Essentials requirements in more depth, please contact us.


General Data Protection Regulation

Since 25 May 2018 most processing of personal data by organisations will have to comply with the EU General Data Protection Regulation.

The Information Commissioner’s Office recommends 12 steps to prepare for GDPR:

  • Staff awareness
  • Understanding and documenting the information you hold
  • Privacy statements & policies
  • Managing individuals rights
  • Managing subject access requests
  • Understanding the lawfulness of processing data
  • Managing consent
  • Requirements for children’s consent
  • Managing data breaches
  • Data Protection by Design & Conducting Data Protection Impact Assessments
  • Need for a Data Protection Officer
  • International transfer of data

Of course, a key part of ‘protection by design’ is that you need to look after all of that personal data. Part of the solution to providing protection could be by implementing Cyber Essentials, which can also be accomplished by adherence to the the IASME Governance Standard. Furthermore, by including the specific GDPR aspects, certification to the IASME Governance Standard provides a wider governance system for the management of the controls protecting personal data.

We can help you at any point on you GPDR project.


Contact Us

To discuss your Cyber Essentials, IASME, ISO/IEC 27001 or other information security requirements in more depth, please contact us.


Call us on 020 8798 3095


Send us an email: info @ greyfield.co.uk.

Statutory Information:

Greyfield Consultancy Services Ltd. is registered in England number 06748323
at Richmond House, Wells Road, Bristol, BS39 6EJ