Call us on 03450 21 21 51

SRM Solutions
Consultancy & Compliance


At SRM we have developed the VirtualCISO™, a totally bespoke service, providing as much or as little as required depending on the individual company.

Who is the service for?

Whether a sole trader or a large multinational, every business must assign the role of Chief Information Security Officer (CISO), Information Security Manager (ISM), Data Protection Officer (DPO) or Senior Information Risk Owner (SIRO). The individual in this role is under a legal obligation to ensure that all information is protected and, with potential data breaches running to thousands, it can be a daunting task.

What is the challenge?

Qualified individuals with the level of experience required to take on demanding information security roles are hard to find. If the right individuals can be recruited they benefit from the provision of additional support and resource. In addition, due to a number of reasons including the pressure of the role, the tenure of senior information security professionals is notoriously short. This often leads to periods of disruption while a new incumbent works their way in.

How does it work?

At SRM we have developed VirtualCISO™ and VirtualISM™, totally bespoke services, providing as much or as little as required depending on the individual company. Some may know exactly what they need and have the technical expertise to deliver it, while others may simply want to have the whole problem removed from their desks, in the certain knowledge that everything is being dealt with on their behalf.

With VirtualCISO™ and VirtualISM™ a company board – or a sole trader – can understand their responsibilities and company risk profile, prioritise mitigating actions, confirm adherence (or not) to industry/sector standards and regulations, and find out how best to proceed in ensuring compliance in a cost-effective manner. In this way they will also be evidencing that they put the needs of their clients first, thus maintaining or gaining reputational and financial advantage amongst their competitors.

Associated services



Our team provides a business-focused service to organisations of all types and size, at all ends of the GDPR-readiness spectrum.



The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.

Retained Forensic & Incident Response (IR)

Retained Forensic & Incident Response (IR)

Ensuring you have access to Forensic Incident Response expertise is a proactive approach your organisation can take to information security.

Related articles

Virtual CISO: too good to be true?

There are some things in life that are simply too good to be true: miracle diets, offers of millions from Nigerian princes and free lunches to name but a..

The GDPR compliance fallacy

There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..

The A to E of cyber maturity

In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..