We respect the autonomy your organisation deserves. At Net Defence we look beyond traditional IT security and network infrastructure approaches, working with you to provide an independent view of your current business practices. By reviewing processes and highlighting potential gaps and threats, we give you total visibility and full control of security management processes and decisions.
As part of our Framework Compliance service, our Governance, Risk Management & Compliance (GRC) consultants evaluate and measure policy and procedures, business processes and internal controls within a client’s organisation against international and national standards.
We work with organisations across varied sectors, assisting them to achieve and maintain ISO27001:2013 Information Security Management and Business Continuity and Disaster Recovery (ISO22301) systems.
Key to the delivery of ISO27001:2013 or ISO22301 certifications is ensuring the management system is embedded within an organisation’s staff. We help achieve this by including teams in impact and risk assessments, the development of security baseline controls and policy, and appropriate elements of the management review and internal audit.
We use ISO27001:2013 lead auditors who understand how each management system will be viewed and can identify the key metrics to support the final certification audit. They can ensure that where a pragmatic interpretation of a specific ISO27001:2013 clause or control has been made, an objective case can be made and its conformance to the relevant standard demonstrated.
POLICY & PROCEDURE
Each organisation has its own approach to, and motivations for, its Policy and Procedure guidelines, influenced by its regulatory and contractual obligations.
Our Policy and Procedure service recognises the drivers associated with this process. We work with our clients to understand, contextualise and plan what policies and procedures best suit their needs. Our consultants have significant experience in the development of pragmatic and achievable policy and security guidelines, reflecting each client’s unique business environment, risk appetite and operating model.
Our Corporate Governance service delivers the expertise required to merge information security management into existing corporate governance regimes. We help clients build a new, bespoke risk assessment methodology or adapt existing frameworks to fit into an organisation’s common risk infrastructure.
We develop specific strategies for information security and ensure that IT and technology strategies are aligned with the client’s cyber risk appetite. Additionally, we can help build the appropriate information security and cyber terms of reference into existing corporate governance frameworks for regulation and compliance.
We provide regular board-level governance workshops in partnership with leading legal firms.