Cookies policy

The SRM website uses cookies to store information on your computer. By continuing to browse this website you are agreeing to our use of cookies. Learn more

The cookies stored on your computer when using the SRM website are used to anonymously record your usage of the website using Google Analytics.

Please read our privacy policy for further information.

Cookies accepted

Thank you - you've accepted our cookies policy.


As the world of information security becomes ever more challenging and complex, the role of Chief Information Security Officer (CISO) becomes more demanding. At SRM we have developed the VirtualCISO™, a totally bespoke service, providing as much or as little as required depending on the individual company.

It's only logical

As the world of information security becomes ever more challenging and complex, the role of Chief Information Security Officer (CISO) becomes more demanding. Whether a sole trader or a large multinational, every business has to assign the role of CISO or Senior Information Risk Owner (SIRO). The individual in this role is under a legal obligation to ensure that all information is protected and, with potential data breaches running to thousands, it can be a daunting task.

In fact, not only is a company’s reputation and financial viability at stake if a data breach occurs, but legislation is coming into force in May 2018 which will make adherence to a new European-wide standard compulsory for everyone.

Few have the level of expertise required to fulfil this role on both a practical and strategic level. Yet the same could be said of accountancy and legal roles which are usually outsourced to specialist professionals. No one expects a company employee to mitigate against potential legal action without the support of a legal expert. In the same way, accessing the expertise of a CISO team is only logical.

The virtual team model

The prospect of employing a balanced CISO team may sound prohibitively expensive. But it is not if a range of experts are in-sourced on demand via a virtual team model. Or a fully outsourced model is considered, delivered by an industry leader.

At SRM we have developed the VirtualCISO™, a totally bespoke service, providing as much or as little as required depending on the individual company. Some may know exactly what they need and have the technical expertise to deliver it, while others may simply want to have the whole problem removed from their desks, in the certain knowledge that everything is being dealt with on their behalf.

With VirtualCISO™ a company board – or a sole trader – can understand their responsibilities and company risk profile, prioritise mitigating actions, confirm adherence (or not) to industry/sector standards and regulations, and find out how best to proceed in ensuring compliance in a cost effective manner. In this way they will also be evidencing that they put the needs of their clients first, thus maintaining or gaining reputational and financial advantage amongst their competitors.

The gap

All organisations operating in today’s business environment need to invest in a combination of technical services and technology to process the information we need to do business. In many cases, these products and services were not designed to work with each other and experience shows that it is normally the gaps between these tools and services that lie at the root of most of the security challenges facing our businesses. This means that our investment is often undermined, and crucially, we are often unaware of this vulnerability until it is too late.

  • Strategy

    Definition and maintenance of an effective security strategy and business continuity plan

  • Awareness

    A proactive approach to keeping up-to-date with ever-changing threats including the latest social engineering threat vectors

  • Knowledge

    Training of all relevant personnel in how to manage change to the broad spectrum of legal requirements such as data protection, emerging GDPR legislation or computer misuse

The solution

To fill this gap, we need someone who understands the current information risk environment in which the business operates and who can take responsibility for all strategic information security goals – the role of CISO – with proven experience and authority to perform the function for their business or organisation. This individual needs to inform, influence and support the organisation’s board, shareholders or partners and requires the knowledge and resources to engage their full support. This applies to micro businesses through to large companies and institutions.

It’s especially important when a business or organisation:

  • Is reliant on the internet to do business

  • Is reliant on the availability of third party services to do business

  • Holds Intellectual Property or sensitive client information

  • Holds someone else’s sensitive data

  • Is subject to external compliance requirements (eg, PCI DSS, Data Protection Act, Cyber Essentials, ISO 27001, ISO 9001)

Key benefits

  • Access your own VirtualCISO™ team led by an individually-assigned senior IS consultant who will be your key contact throughout

  • Prioritise activity through an analytical audit of your existing risk, compliance and security frameworks

  • Assess and develop the information security skills of your wider team

  • Benefit from a pragmatic and collaborative relationship where trust is key: you will never be pressured to utilise services you do not need

  • Engage with experienced highly qualified consultants to develop, enhance and refine a comprehensive information security strategy

  • Develop and deliver senior-level presentations detailing your security posture to key stakeholders

  • Co-ordinate any security breach or incident investigations within a remedial, preventative strategy

  • Draw on the expertise of the wider SRM team if required including penetration testing, PCI compliance and Cyber Essentials.

What do I do next?

To find out more about how SRM can help your business or organisation with the VirtualCISO™ solution, please call us on 03450 21 21 51 to talk to one of our experts.

  • This field is for validation purposes and should be left unchanged.

Thanks, we've received your details.

We'll be in touch shortly to discuss your requirements. In the meantime, please download your exclusive free copy of SRM's Guide to Cyber Essentials below.

Download your free copy