Call us on 03450 21 21 51

SRM Solutions
Digital Forensics & Incident Response

Retained Forensic & Incident Response

Ensuring you have access to Forensic Incident Response expertise is a proactive approach your organisation can take to information security. We bring our respected industry knowledge and combine with our understanding of your business and networks to deliver a resilient and strategic approach to defence.

Who needs this service?

Retained Forensics and Incident Response is not just for cyber mature organisations which understand the very real threat posed by well-resourced and motivated hackers. The service benefits any organisation which is required to comply with GDPR, PCI DSS or other regulatory authorities because it takes a proactive approach to securing data. It also enables businesses to build in reporting and mitigation strategies to reduce the impact of a breach if one occurs. In our experience, the initial ‘golden hour’ of each incident is key to successful containment.

What does a Retained Forensics and Incident Response service involve?

The service employs the skills of experienced professionals to oversee the high level management of cyber defences across all networks and infrastructure. A Retained Forensics team will establish, direct and manage a test and exercise programme to ensure that a system is as secure as it can be. With their thorough knowledge of an organisation’s systems they will also be on hand and ready to assist in putting the agreed action plan in place in the event of a breach. In this way, the 72-hour reporting element of GDPR will be achievable and the mitigation process will be well in hand before the deadline.

Demonstrating a proactive approach to protecting your customer’s data also puts you in a stronger position when dealing with acquiring banks or any other regulatory authorities.

Why SRM?

SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations. Our team uses this skill and experience to provide a bespoke Retained Forensics and Incident Response service.

Our reputation is built on trust. We do not recommend services or tools you do not need, preferring to use our understanding of your business to set up a targeted plan of action and remediation which will keep you as compliant and secure as it is possible to be. If the worst occurs, with a robust Incident Response plan in place remedial action will be swift, minimising financial and reputational damage.

Our Retained Forensics and Incident Response team will scope the project at the outset and ensure that remedial action causes minimal disruption to a business. We then continue to work with our clients on an ongoing basis to ensure maximum resilience. In the event of a breach, the incident will be managed effectively with SRM taking responsibility for all aspects of reporting, mitigation and remediation. Above all, SRM’s approach is business-focused with the aim of prioritising business-as-usual.

What is included in SRM’s Retained Forensics and Incident Response service?

Information Exchange Workshops: headed by your assigned consultant, SRM’s Retained Forensics solution includes a number of strategic steps including Information Exchange Workshops to gain a full understanding of your network and infrastructure. In this way we are able to deploy resources accurately and to build up a strategic defence. The workshop will also ensure the scoping and creation of a virtual incident response team.

Incident Simulation is an important aspect of the service, enabling us to work with clients to ensure they are fully prepared for a breach incident. Our approach integrates Red Team testing into the exercise planning and operation to provide both the random element of a real incident and real injects into the scenario.

Incident Response: a single telephone number is provided for activating the response service. This number will provide immediate access to our Retained Forensics team. The contact number will be provided to nominated representatives within an organisation and is available out of hours in the event of an incident.

Remote response provides a fast track service to your assigned consultant who will provide support and advice, providing remote support on how to mitigate further breaches following the incident and collect sufficient information to allow the investigation to commence as soon as possible.

On-site response: focuses on acquiring evidence via physical examination of assets. This element of the service focuses on risk reduction and removal via incident containment. It also includes the associated activities to support the detailed analysis and reporting the SRM team will provide.

Associated services

PCI Forensic Investigation (PFI/ PFI Lites)

SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations.


The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.


SRM is an accredited PA DSS assessor. With a forensic laboratory in the North East, we have the expertise and resource to guide software application companies through the process of certification.

Digital Forensics

SRM’s Digital Forensics team has over 60 years combined experience in the criminal and civil investigation field, including over 40 years specialising in Digital Forensic analysis.


When choosing a managed eDisclosure service provider, trust and experience are key requirements.


At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.

Disaster Recovery Planning

As experienced providers of DR planning services, SRM works with clients to prioritise the survival of the business and the resumption of normal working practices as soon as possible.

Related articles

Why the prioritisation of breach identification and containment are crucial elements of every cyber defence strategy

One of the most significant elements of the current cyber threat landscape is the amount of time it takes to actually detect and contain a breach. In a study..

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International  (CGi ) and appears here with their kind permission. As the implications of the General Data..

Pen testing: seeing both the wood and the trees

If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..