cyber security & resilience.

Risk & Assurance Services

All organisations need to understand how cyber risks threaten them, and how their security and resilience controls measure up in dealing with these threats. Organisations are now required to demonstrate compliance with industry best practice, whether regulatory, statutory or good corporate governance.

Clarity around where you are as an organisation, and where you want to get to, drives our thinking. Our approach balances the need to protect your assets, with the need to ensure your organisation is resilient to an attack, and can recover effectively.

Our specialist team can assess, assure, audit and accredit your systems and services, and ensure all the correct controls are delivered in a fully traceable, justifiable and cost effective way. They bring thought leadership, practical experience and leading edge methodologies and toolsets, which you will find invaluable.

Our Services Include:

  • Risk Assessment, assurance and accreditation to HMG standards and processes
  • The gold standard in best practice – AXELOS Resilia will provide a new benchmark, and our relationship with Aprose Risk ensures we have access to the very latest thinking
  • Privacy Impact Assessments
  • Contractual Security Assurance assessment and audit (often combined with Commercial and Enterprise Architecture assessments of any contract)
  • Maturity Model assessment
  • Design, solution and architecture assessment

Specialist Services:

As well as our packaged services, our experienced cyber security team is able to offer its expertise across a number of specialist areas. These include:

  • Public Key Infrastructures
  • Identity Management and Access Control
  • Business Continuity Assessment and Planning
  • Sharing Information Securely – protocols, policy and controls, data protection
  • Cyber security and resilience audit planning and review


  • Security requirements development, requirements management, and procurement support
  • Risk Assessment, assurance and accreditation to HMG standards and processes
  • Full risk management and risk treatment planning, IT Governance and Regulatory Compliance Assessment
  • Risk Management and Accreditation Document Sets (RMADS) for accreditation
  • Information Security Management System (ISMS) / ISO 27000 Series audit and accreditation
  • Cyber Essentials, Data Protection, ISO27001, NHS Information Governance Toolkit assurance and audits
  • Hosting Provider, application, and network security design and assurance
  • Authentication and access control, including two-factor authentication and single sign-on.


  • IA/Data Protection Strategy and Policy development and review
  • Stakeholder engagement, providing thought leadership, influencer and trusted advisor roles
  • Programme, Project and Team management, leadership and mentoring
  • Regulatory and Commercial engagement across Government, Supplier and Customer
  • Best practice Public Key Infrastructures, Identity Management and Access Control
  • Sharing information securely – protocols, policy and controls, data protection
  • Proportionate approach to confidentiality, authenticity, non-repudiation, availability and integrity
  • Business Continuity / Disaster Recovery Assessment and Planning
  • Cross sector experience in government, health, energy, transport, legal, financial, complemented by ASE’s technology, delivery and commercial practices.

All our services are flexible and designed to meet your different needs and budgets. We can provide a work package deliverable-based engagement, in addition to longer-term or ad hoc consultancy. Many of our clients ask us to work collaboratively with their own teams to provide targeted and specialist skills transfer. This approach allows you to augment your existing teams as and when necessary or to achieve particular goals and deliverables. The fact that so many clients use us again and again is testament to the quality of our work and the flexibility we can offer.

ASE Consulting has more than 30 years experience in IT security and assurance, working in both the public sector and private sector for some of the largest organisations in the world; from initial strategic advice through to successful delivery. We can cover all aspects of cyber security and resilience; including strategy, architecture, risk management, solutions, policy, governance, leadership and assurance. Our services can be requested at any point during your programme or project lifecycle.