Security audit and compliance

We provide both certification and capability improvement support to help clients to achieve sustainable improvement, implement an effective security model, and achieve both current and future compliance.

Security audit capability overview

For organisations without specific compliance requirements looking to enhance their cyber maturity, it can be challenging to navigate the myriad of frameworks and standards. Most represent recognised best practice and overlap significantly.

The key difference between them is the depth within which technical security requirements are specified and validated.

Where certification with a specific standard is required for compliance reasons, we are experienced in helping organisations to achieve and demonstrate compliance with a range of requirements. Our experts are able to map the outputs of an assessment to a range of frameworks and standards to clearly communicate business risk, facilitate decision making, and generate improvement to achieve compliance.

Outcomes You Achieve

Common pitfalls

Leverage our multi-disciplined teams and expertise to focus on the controls and criteria which matter most.

Guide future development

Prioritise short-, medium-, and long-term improvements to build toward sustainable compliance.

Compliance certification

Identify and address gaps in maturity to ensure compliance can be achieved and maintained over time.

Increase security confidence

Achieve the certification required to operate your business and build the trust of customers and partners.

Our Solutions

The list below isn’t exhaustive and we can apply our expertise to a range of third-party frameworks, standards, and certifications.

PCI DSS

The PCI Data Security Standard (PCI DSS) applies to all businesses that store, process, and/or transmit cardholder data.

It covers technical and operational practices for system components included in or connected to environments with cardholder data. We can provide actionable advice on how to meet PCI DSS requirements, including support in implementing security controls, validating architectures and verifying approaches, as well as performing both paper-based and technical auditing for compliance.

Cyber Essentials

Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against cyber threats by providing a clear set of basic controls that businesses should have in place.

There are two levels of Cyber Essentials certification, differing only in whether a technical audit of the controls is carried out on the systems in scope. We are experienced in helping businesses quickly implement the security controls needed to achieve Cyber Essentials certification.

ISO 27001

ISO 27001 is the international standard in information security management.

Achieving ISO 27001 compliance demonstrates to customers, partners and regulators that your business has established processes in place for managing information security risk. We provide a range of ISO 27001 consulting services including gap analysis, certification consulting, and audit support, enabling organisations to implement a fully compliant security operating model.

IT Health Check

JUMPSEC is accredited by the National Cyber Security Centre (NCSC) to perform ITHC testing under the terms and conditions of the CHECK scheme.

An ITHC provides assurance that external and internal systems are protected from unauthorised access, and that they prevent unauthorised entry into systems that consume Public Services Network (PSN) services. Our service is available directly or can be procured via the Government Digital Marketplace (G-Cloud) CHECK service.

NIST Framework

The NIST Cyber Security Framework is a tiered set of best practice recommendations that organisations can use to frame and guide their cyber security control improvements.

It is designed to assist organisations in managing and reducing their cyber security risks in a way that complements their existing cyber security and risk management processes. We are experienced in assessing compliance with the Framework as well as mapping the findings of other standards-based assessments to NIST.

CIS 18

The Center for Internet Security (CIS) 18 is a set of best practices comprising 18 key control groups, each with a number of sub-controls describing the best-practice configurations and controls an organisation needs in place to operate securely.

We often use the CIS 18 alongside higher-level frameworks to validate the technical implementation and effectiveness of documented controls featured in policy, process, procedures, and system design documentation.

Futureproof your cyber defences with incremental improvement over time.

Many organisations fail to generate real cyber security improvement because they repeat the same types of activities each year. For most organisations, the level of security never truly improves over time. At best it stays the same, and at worst it declines as attackers effectively invest more than defenders.

Achieve the cyber security outcomes you need.

We work to enable effective cyber security for our clients, helping them to future-proof their cyber defences and realise genuine improvement over time.