Compliance and Assurance Services


Overview

Compliance certifications give clients, insurers, and regulators independent evidence that you take security seriously. They help you win contracts, can reduce your insurance premiums, and demonstrate due diligence if something does go wrong.

But compliance is also confusing. The requirements are written in technical language. The documentation is overwhelming. And the technical controls are hard to implement if you do not know what you are doing.

That is where we come in.

  • We translate complex compliance requirements into clear actions
  • We help you implement the technical controls properly
  • We gather the evidence auditors need
  • We guide you through the entire certification process (Cyber Essentials, Cyber Essentials Plus, ISO 27001, or other standards)

We are a certified Cyber Essentials assessment body, so we can certify your organisation directly.

This page covers our compliance support services: Cyber Essentials, Cyber Essentials Plus, ISO 27001, audit evidence preparation, and help with insurer questionnaires.

Cyber Essentials Support

Cyber Essentials is the UK Government-backed baseline security standard, designed to protect against the most common internet-based cyber attacks. Many government contracts require it, and some insurers offer premium discounts for certified organisations.

We help you get certified.

Preparation & Remediation

Preparation:

  • Gap analysis of your current security posture against Cyber Essentials requirements
  • Clear action plan showing what needs fixing and in what order
  • Technical implementation of required controls (firewalls, patching, access controls, malware protection, secure configuration)

Remediation:

  • Hands-on fixing of identified gaps
  • Implementation of missing security controls
  • Testing to ensure controls work properly

Audit Support & Certification

Audit Support:

  • Completion of the Cyber Essentials self-assessment questionnaire
  • Evidence gathering and documentation
  • Technical validation of your answers
  • Liaison with assessors if questions arise

Certification:

Because Dark Knight is a certified assessment body, we can certify your organisation directly. You do not need to pay a separate assessor - we handle the entire process.

Cyber Essentials certification lasts 12 months. As part of our managed support services, we maintain your Cyber Essentials posture year-round, making recertification straightforward.

Cyber Essentials Plus support and certification fees are quoted separately. Implementation work is typically included in managed support contracts or quoted as a project.

Cyber Essentials Plus

Cyber Essentials Plus is the higher assurance version of Cyber Essentials. In addition to the self-assessment questionnaire, an independent assessor carries out hands-on technical testing of your systems to verify that the controls you have declared are actually in place and working.

This provides stronger assurance to clients and meets requirements for higher-risk contracts or more security-conscious clients.

Technical Evidence Gathering

  • Detailed documentation of your technical environment
  • Screenshots and configuration exports proving controls are in place
  • Network diagrams and system architecture documentation
  • Access to systems for external assessors

Testing Coordination & Certification

Testing Coordination:

  • Scheduling and coordinating the external assessment
  • Providing assessors with the access they need, granted on a least-privilege, time-limited basis and removed once the assessment is complete
  • Addressing any findings or gaps identified during assessment

Certification:

  • Support through the entire certification process
  • Remediation of any issues found during testing
  • Final certification submission

ISO 27001 Support

ISO 27001 is the international standard for information security management. It is more comprehensive than Cyber Essentials, covering not just technical controls but also policies, procedures, risk management, and organisational governance.

ISO 27001 is valuable for:

  • Businesses working with enterprise clients who require it
  • Organisations handling sensitive data
  • Companies wanting a structured approach to information security
  • Businesses operating internationally

We provide ISO 27001 implementation and audit-preparation support. Certification audits must be carried out by an independent, accredited certification body, so we do not audit the controls we have helped you build; this preserves auditor independence.

Control Implementation

  • Gap analysis against ISO 27001 Annex A controls
  • Implementation of required technical controls
  • Development of required policies and procedures
  • Risk assessment and treatment planning
  • Internal controls testing

Audit Assistance

  • Evidence gathering for external auditors
  • Technical implementation verification
  • Documentation and record-keeping
  • Liaison with your chosen certification body
  • Support during surveillance audits (annual checks after initial certification)

ISO 27001 is a significant undertaking. We are honest about the level of effort required. For many small businesses, Cyber Essentials Plus provides sufficient assurance without the full overhead of ISO 27001. But for businesses that need ISO 27001, we will help you get there properly.

Audit Evidence Preparation

Audits and assessments require evidence - security policies, technical configurations, access logs, incident records, change management documentation, asset inventories. Gathering this evidence is time-consuming, especially if your documentation is not already organised.

We help you prepare audit evidence for any security assessment or compliance requirement.

Policy Evidence

  • Security policies and procedures documentation
  • Risk assessments and treatment plans
  • Acceptable use policies and staff awareness records
  • Change management logs
  • Incident response documentation

Technical Evidence

  • System configurations and hardening documentation
  • Firewall rules and network architecture diagrams
  • Patch management records and vulnerability scanning reports
  • Backup logs and restore testing evidence
  • Access control configurations and user account audits
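As an added example of what "technical evidence" can look like when it is generated rather than screenshotted, the script below checks constructed patch and user-account records against two Cyber Essentials requirements: critical/high security updates installed within 14 days of release, and cloud accounts protected by multi-factor authentication, plus an assumed 90-day dormancy threshold for "unused" accounts. This is illustrative code, not Dark Knight's tooling; the host names, update identifiers, user names and dates are all constructed sample data, and the 90-day threshold is an assumption, not a scheme rule.

```python
"""Evidence check for two Cyber Essentials controls over constructed sample data.

Produces a list of findings that can be attached to an audit evidence pack,
rather than a screenshot that has to be re-taken every time.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

PATCH_WINDOW_DAYS = 14   # Cyber Essentials: critical/high security updates within 14 days of release
DORMANT_DAYS = 90        # assumption: local threshold for treating an account as unused


@dataclass(frozen=True)
class Host:
    name: str
    update: str              # vendor update identifier (constructed here)
    severity: str            # "critical", "high", "medium" or "low"
    released: date
    installed: Optional[date]  # None means the update has not been installed


@dataclass(frozen=True)
class Account:
    user: str
    cloud: bool              # account on a cloud service (e.g. Microsoft 365)
    mfa: bool
    admin: bool
    last_login: Optional[date]  # None means the account has never signed in


def patch_findings(hosts: List[Host], today: date) -> List[Tuple[str, str, str]]:
    """Return (host, update, reason) for every critical/high update outside the 14-day window."""
    findings = []
    for h in hosts:
        if h.severity not in ("critical", "high"):
            continue  # the 14-day rule applies only to critical/high updates
        deadline = h.released + timedelta(days=PATCH_WINDOW_DAYS)
        if h.installed is None:
            if today > deadline:
                late = (today - deadline).days
                findings.append((h.name, h.update, f"not installed, {late} days past deadline"))
        elif h.installed > deadline:
            late = (h.installed - deadline).days
            findings.append((h.name, h.update, f"installed {late} days late"))
    return findings


def account_findings(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (user, reason) for cloud accounts without MFA and for dormant accounts."""
    findings = []
    for a in accounts:
        if a.cloud and not a.mfa:
            findings.append((a.user, "cloud account without MFA"))
        if a.last_login is None:
            findings.append((a.user, "never signed in; disable or remove"))
        elif (today - a.last_login).days > DORMANT_DAYS:
            idle = (today - a.last_login).days
            findings.append((a.user, f"no sign-in for {idle} days; disable or remove"))
    return findings


def build_evidence(hosts: List[Host], accounts: List[Account], today: date) -> dict:
    """Bundle both checks into one record suitable for an evidence pack."""
    patches = patch_findings(hosts, today)
    users = account_findings(accounts, today)
    return {
        "as_of": today.isoformat(),
        "patch_findings": patches,
        "account_findings": users,
        "compliant": not patches and not users,
    }


# Constructed sample data; the names, identifiers and dates are not real.
SAMPLE_DAY = date(2024, 6, 1)
SAMPLE_HOSTS = [
    Host("FS01", "KB5039212", "critical", date(2024, 5, 14), date(2024, 5, 20)),  # in time
    Host("WS07", "KB5039212", "critical", date(2024, 5, 14), None),               # missing
    Host("WS12", "KB5037771", "high", date(2024, 4, 9), date(2024, 4, 30)),       # late
    Host("WS03", "KB5037123", "low", date(2024, 4, 9), None),                     # out of scope
]
SAMPLE_ACCOUNTS = [
    Account("alice", cloud=True, mfa=True, admin=False, last_login=date(2024, 5, 30)),
    Account("bob", cloud=True, mfa=False, admin=False, last_login=date(2024, 5, 31)),
    Account("svc-backup", cloud=False, mfa=False, admin=True, last_login=date(2024, 1, 15)),
    Account("carol-admin", cloud=True, mfa=True, admin=True, last_login=None),
]

if __name__ == "__main__":
    evidence = build_evidence(SAMPLE_HOSTS, SAMPLE_ACCOUNTS, SAMPLE_DAY)
    print(f"Evidence as of {evidence['as_of']} - compliant: {evidence['compliant']}")
    for host, update, reason in evidence["patch_findings"]:
        print(f"  PATCH   {host:12} {update:10} {reason}")
    for user, reason in evidence["account_findings"]:
        print(f"  ACCOUNT {user:12} {reason}")
```

On the constructed data the report flags two patch findings (WS07 missing a critical update, WS12 installing a high-severity update seven days late) and three account findings (bob without MFA, svc-backup idle since January, carol-admin never signed in). Replace the sample lists with exports from your patch management and identity systems and the same functions produce dated, repeatable evidence for an assessor.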

This service is delivered in collaboration with your team. We provide the technical evidence and documentation from our managed services. You provide the organisational policies and business context. Together, we build the complete evidence package auditors need.

Insurer Questionnaires

Cyber insurance applications and renewals typically include detailed technical questionnaires. These ask about your security controls, incident response capabilities, and backup procedures.

The questions are often written in technical language. Answer inaccurately and you might not get coverage - or you might find a claim declined later because the insurer relied on an answer that did not reflect the controls you actually had in place.

We provide best-effort assistance to help you complete cyber and technology insurer questionnaires accurately and confidently.

Questionnaire Completion Support

  • Help interpreting insurer questions and requirements
  • Plain-English explanation of technical and security terminology
  • Assistance aligning responses with your actual technical environment, existing security controls, and Cyber Essentials best practice
  • Identification of gaps or risks highlighted by insurer questions

Understanding the Why

  • Explanation of why insurers are asking specific questions
  • How responses may affect coverage, exclusions, or premiums
  • Helping you understand what insurers actually care about

This is an informational and advisory service. We do not provide legal advice, insurance advice, or underwriting advice. Final responsibility for questionnaire submission and accuracy remains with you.

Extensive or repeated insurer engagements may be treated as chargeable consultancy.

Need help getting certified? We'll guide you through it.

Talk to our team

DARK KNIGHT LTD

Company number 15151992

6 Floreat Gardens

Newbury

England

RG14 6AW

© 2024 Dark Knight