Security Foundations

Are we secure enough?

It's the question every business eventually asks, usually after a near-miss, a customer questionnaire, or a call with an insurer. For most small businesses, the answer is: we're not sure.

Security Foundations answers it. We assess your security against what actually matters for a business your size, fix the quick wins, and build a proportionate baseline you can maintain.

In short

  • 01 A clear view on where you are with security and what gaps need closing.
  • 02 A proportionate baseline you can maintain, with evidence to show customers and insurers.
  • 03 Peace of mind that the most common security issues are dealt with.

What problems we solve

Most incidents trace back to basic controls that aren't in place or aren't working. You're in the right place if any of these sound familiar:

01

We don't really know what we've got

Asset lists and dashboards contradict each other. Things slip through.

02

It was set up in a hurry

Configurations from a growth sprint that nobody ever tightened up.

03

Patching happens... eventually

No schedule, no tracking, no view of what's actually vulnerable.

04

Our tools are noisy

Alerts nobody tunes or checks. Real problems hide in the noise.

05

Passwords and two-factor login are inconsistent

Strong in places, weak in others. Staff reuse passwords.

06

We can't prove any of it

Evidence requests become a scramble. Sales stall and premiums rise.

How the Security Foundations assessment works

01 Typical duration
2 to 4 weeks

Assessment and quick wins

We assess your security, pinpoint the gaps, and fix the obvious ones straight away.

02 Typical duration
2 to 3 months

Implementation and strengthening

We put the controls in place to close the gaps and strengthen your systems.

03 Minimum term
12-month minimum

Ongoing monitoring and support

We keep the baseline working and help you maintain it as you grow.

That's the summary. The full service description covers every activity, assumption, and exclusion.

Read the full service description

Companies we've worked with.

Ampere, Beam, Biographica, Chalfen, General Index, Harbr Data, Judge.me, Lightsonic, Responsible Marketing, Syntasso, The Key Group, Zaptic

What we assess

We rate each area for how well it's working and the risk it carries, so you can see where to focus.

01 Asset visibility
02 Device security
03 Access control
04 Cloud configuration
05 Patching
06 Logging and monitoring
07 Backup and recovery
08 Email security
09 Network security
10 Staff awareness

Who it's for

2 to 200 employees: real risks, but no dedicated security team

Growing fast: set-ups that outgrew their original configuration

Cloud-based: email, file storage, and core systems

Facing security questions: from customers, insurers, or investors

No security staff: IT handles it alongside everything else

What's not included

  • Major architectural changes
  • Fixing application code
  • 24/7 incident response
  • Penetration testing
  • Compliance certifications
  • Building a security operations centre

Your security lead is an experienced practitioner with recognised qualifications (typically CISSP or CISM) who has implemented these controls across dozens of small businesses. You work with the same named consultant throughout, so you're not re-explaining your setup every time you call.

Term and pricing

Phase 1: Assessment

2–4 weeks

Fixed fee

Phase 2: Implementation

2–3 months

Fixed fee (based on findings)

Phase 3: Ongoing support

12-month minimum

Monthly fee

Exact figures depend on your size and what the assessment finds. Use the calculator for an indicative estimate.

Estimate the cost

Find out where you stand.

A short conversation is usually enough to tell whether this is the right fit and what the assessment would cover. If something else suits you better, we'll say so.