Credits – Terms and Conditions
1 Credit = 1 hour consultant capacity to call off against any of the below credit uses. Below credit uses are split between P1 and P2 use cases, Essentials package credits can only be used against credit uses noted as being of P1 type, all other packages are not restricted to either type and credits can be used against any activity type in either P1 or P2 use cases.
Credit allowance is refreshed every 30 days upon successful renewal payment, unused credits do not carry over.
Larger tasks can be completed across multiple months using the corresponding credit allowances.
If required, additional credits can be purchased in packs of 5. Each additional credit pack is £550.
Credits can only be used to provide services directly to subscribed organisation. Use of credits to provide subcontracted / third party services is strictly prohibited.
| P1 Credit uses | P2 Credit uses |
|---|---|
| Threat modelling – for company, industry, network diagram, facility plans, applications etc. | vCISO support |
| Risk assessments – of new services, threat intelligence, vulnerability assessments, application/system/network architecture designs, gap analysis, potential suppliers, proposed governance changes etc. | Strategic planning & Roadmaps |
| Gap analysis – Legal / regulatory compliance for existing requirements or potential expansion into new industries / countries. Benchmarking against frameworks such as ISO 27001, NIST CSF, NCSC’s CAF, Cyber Essentials Plus. Application benchmarking against OWASP top 10, and ICO recommendations for safe and ethical AI applications etc. | Capability development – Maturity planning / implementation support. |
| DPIA Support – (Data Protection & Impact Assessment) | IR / Crisis Tabletop Exercises – Planning, execution, lessons learned |
| Policy / Document set – review and recommendations – ISMS / RMADS / SyOps etc. | Phishing simulations – Planning and implementation support |
| Supplier Assurance Questionnaires – Support developing or responding to | Security ROI – Assessments, improvement planning |
| Exec OSINT – Understand the exposure of your key stakeholders | |
| IT Health Check and Pen testing orchestration – scoping support, tester engagement, findings evaluation and remediation management | |
| Threat hunting exercises – Misconfigurations (On-prem and cloud), poor practices, escalation paths and potential IOC’s based on recent threat intelligence. |