Managed security administration

Your security, administered for you

We run your security day-to-day: identities, access, MFA, patching, configurations, secrets and compliance — without you having to hire a CISO. You keep control of the decisions; we keep the posture current, hardened and documented.

This is security administration built as a managed service: clear governance, a compliance report ready for your clients and audits, and detection & response alongside it — not a consultant billed by the day.

Who it’s for

• SMBs that must prove their security — your clients, your cyber insurer or a standard (ISO, SOC 2) wants evidence. The Pro tier delivers the compliance report and the review cadence that go with it.
• M365 / Google + SaaS estates — you have identities and applications to secure properly. We manage SSO, MFA and the posture of each platform.
• Organisations with no CISO but real obligations — you can’t justify a full-time hire. The Signature tier adds a monthly vCISO check-in.

What’s managed

Responsibilities are split clearly and in writing:

• We manage: IAM/SSO configuration, MFA enforcement and conditional access.
• We manage: patch governance, hardening baselines and tracking their drift.
• We manage: secrets-vault administration, access reviews and the security posture of your SaaS / M365 platforms.
• We manage: the compliance report and incident triage, with a documented hand-off to our SOC.
• You keep control: business decisions and policy sign-off.

Features included

• IAM/SSO configuration and MFA enforcement on every tier
• Patch and configuration governance
• Secrets-vault administration (no secret ever stored in clear)
• Periodic access reviews (annual, quarterly or monthly by tier)
• M365 / Google and SaaS security-posture management
• Maintained hardening baselines, with drift monitored on the Signature tier
• Compliance report ready for clients, audits and cyber insurance
• Incident triage and response, with hand-off to our managed SOC

The Essential, Pro and Signature tiers, with their published prices and quotas, are detailed in the table below.

Security included

Security isn’t an upsell in your cart: it’s the whole point of this service. Every organisation we administer has its identities locked down, its patches governed, its secrets held in a vault and its posture measured. When an incident occurs, we contain it first and keep you informed in plain language. You keep control of the decisions; we keep the posture hardened and current.

Frequently asked questions

How is this different from an EDR or a SOC?

Security administration is configuration and governance: identities, MFA, patching, hardening. A SOC is 24/7 detection and response. The two complement each other and add onto the same invoice.

Does this help with ISO, SOC 2 or GDPR?

Yes. We keep the posture current and produce a compliance report formatted for your auditors, your clients in due diligence and your cyber insurer.

Do you manage Microsoft 365 and Google Workspace?

Yes. SSO, MFA, conditional access and each platform’s posture are managed — up to one platform on Essential and with no limit on Signature.

How are my secrets handled?

In a vault we administer, never in clear in code or a file, with a rotation policy on the Signature tier.

What do you do during an incident?

We triage and contain the incident, then hand off in a documented way to our managed SOC. Response is included from the Pro tier.