Call us on 03450 21 21 51

SRM Solutions
Managed Services & Virtual Roles


At SRM we have developed the VirtualCISO™, a totally bespoke service, providing as much or as little as required depending on the individual company.

Who is the service for?

Whether a sole trader or a large multinational, every business must assign the role of Chief Information Security Officer (CISO), Information Security Manager (ISM), Data Protection Officer (DPO) or Senior Information Risk Owner (SIRO). The individual in this role is under a legal obligation to ensure that all information is protected and, with potential data breaches running to thousands, it can be a daunting task.

What is the challenge?

Qualified individuals with the level of experience required to take on demanding information security roles are hard to find. If the right individuals can be recruited they benefit from the provision of additional support and resource. In addition, due to a number of reasons including the pressure of the role, the tenure of senior information security professionals is notoriously short. This often leads to periods of disruption while a new incumbent works their way in.

How does it work?

At SRM we have developed VirtualCISO™ and VirtualISMTM, totally bespoke services, providing as much or as little as required depending on the individual company. Some may know exactly what they need and have the technical expertise to deliver it, while others may simply want to have the whole problem removed from their desks, in the certain knowledge that everything is being dealt with on their behalf.

With VirtualCISO™ and VirtualISMTM a company board – or a sole trader – can understand their responsibilities and company risk profile, prioritise mitigating actions, confirm adherence (or not) to industry/sector standards and regulations, and find out how best to proceed in ensuring compliance in a cost-effective manner. In this way they will also be evidencing that they put the needs of their clients first, thus maintaining or gaining reputational and financial advantage amongst their competitors.

Associated services


Our team provides a business-focused service to organisations of all types and size, at all ends of the GDPR-readiness spectrum.


The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.

Cyber Essentials

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

ISO 27001

SRM guides you through the entire ISO27001 certification process, helping you to review continually and refine the way you handle information security, not just for the present, but for the future.

Retained Forensics & Incident Response

Ensuring you have access to Forensic Incident Response expertise is a proactive approach your organisation can take to information security.

Disaster Recovery Planning

As experienced providers of DR planning services, SRM works with clients to prioritise the survival of the business and the resumption of normal working practices as soon as possible.

Business Continuity Planning

SRM’s consultants use their experience to develop a planned programme of actions to protect a business’s critical functions and enable it to continue or re-start with minimal disruption

Related articles

The GDPR compliance fallacy

There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..

The A to E of cyber maturity

In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..

Cyber resilience: it’s a board level issue

The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..