Security for Financial Services.

DORA, NIS2, ISO 27001, ISO 9001. And the operational resilience demands of the FCA, PRA, and global regulators. We've built ISMS programmes for fintech, banks, payments providers, and asset managers.

Operational resilience is the new floor.

DORA (effective January 2025), NIS2, and the FCA / PRA operational resilience rules treat cyber as a board-level concern. We help you map critical or important functions, define impact tolerances, and run scenario testing that auditors and regulators accept.

Third-party risk is your risk.

Banking and payments live or die by the supply chain. We deliver tiered supplier risk programmes, third-party assurance, and DORA Article 28 contractual reviews so your supplier relationships are defensible the day a regulator asks.

FCA operational resilience.

The single biggest cost overrun in PCI is scope creep. We define the cardholder data environment precisely, segment what doesn't need to be in scope, and reduce annual assessment effort by 30-60% for most clients.

How we help.

01 DORA readiness

Gap analysis, third-party register, scenario testing, ICT risk framework.

02 NIS2 alignment

Sector-specific implementation, board oversight, incident reporting.

03 ISO 9001 quality

Quality management alongside ISO 27001, strengthening procurement and regulator trust.

04 FCA & PRA submissions

Form A / Cyber Resilience self-assessments with our vCISO as named lead.

Standards we work to.

  • DORA
  • NIS2
  • ISO 27001
  • SOC 2
  • FCA SYSC
  • PRA SS1/21
  • BoE FMI

Make compliance feel inevitable.
